CVE-2019-0090

CVE Database · CVE-2019-0090

CVE-2019-0090

· HIGHModified

CVSS v3.1

7.1

EPSS

0.36%

Published

May 17, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

CVSS Vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products (2)

intel · converged_security_and_management_engine (up to 12.0.35)vulnerable

intel · server_platform_services (up to sps_e3_05.00.04.027.0)vulnerable

References (4)

https://support.f5.com/csp/article/K59145983

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html

Vendor Advisory

https://support.f5.com/csp/article/K59145983

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs