CVE-2013-5740 - OpenCVE

Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, and C206 chipsets and Mobile Intel QM67 and QS67 chipsets, when the measured launch environment (MLE) is invoked, allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	C202 Chipset C204 Chipset C206 Chipset C216 Chipset Mobile Intel Qm67 Chipset Mobile Intel Qs67 Chipset Q67 Express Chipset Qm77 Chipset Qs77 Chipset Trusted Execution Technology Sinit Authenticated Code Module

Configuration 1 [-]

OR	cpe:2.3:h:intel:c202_chipset:-:::::::*
	cpe:2.3:h:intel:c204_chipset:-:::::::*
	cpe:2.3:h:intel:c206_chipset:-:::::::*
	cpe:2.3:h:intel:c216_chipset:-:::::::*
	cpe:2.3:h:intel:mobile_intel_qm67_chipset:-:::::::*
	cpe:2.3:h:intel:mobile_intel_qs67_chipset:-:::::::*
	cpe:2.3:h:intel:q67_express_chipset:-:::::::*
	cpe:2.3:h:intel:qm77_chipset:-:::::::*
	cpe:2.3:h:intel:qs77_chipset:-:::::::*
	cpe:2.3:h:intel:qs77_chipset:-::::express:::
	cpe:2.3:o:intel:trusted_execution_technology_sinit_authenticated_code_module::::::::

No data.

References

Link	Providers
http://support.citrix.com/article/CTX138633
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00035&languageid=en-fr

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-09-12T18:00:00Z

Updated: 2024-09-16T20:07:00.089Z

Reserved: 2013-09-12T00:00:00Z

Link: CVE-2013-5740

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-09-12T18:37:44.287

Modified: 2014-07-11T15:31:24.373

Link: CVE-2013-5740

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, and C206 chipsets and Mobile Intel QM67 and QS67 chipsets, when the measured launch environment (MLE) is invoked, allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-09-12T18:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00035&languageid=en-fr"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX138633"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5740", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, and C206 chipsets and Mobile Intel QM67 and QS67 chipsets, when the measured launch environment (MLE) is invoked, allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00035&languageid=en-fr", "refsource": "CONFIRM", "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00035&languageid=en-fr"}, {"name": "http://support.citrix.com/article/CTX138633", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX138633"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:22:30.849Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00035&languageid=en-fr"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX138633"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5740", "datePublished": "2013-09-12T18:00:00Z", "dateReserved": "2013-09-12T00:00:00Z", "dateUpdated": "2024-09-16T20:07:00.089Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:intel:c202_chipset:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C318BFF-72BD-419A-8707-424CAEE6279F", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:c204_chipset:-:*:*:*:*:*:*:*", "matchCriteriaId": "817EB2CE-CD1F-43BC-BD1F-E5D4FD85FD5B", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:c206_chipset:-:*:*:*:*:*:*:*", "matchCriteriaId": "47ADFFD3-88C7-401C-B3C2-1C9CABFF9D09", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:c216_chipset:-:*:*:*:*:*:*:*", "matchCriteriaId": "831E5093-BE28-46C3-BD0C-E89335ACB789", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:mobile_intel_qm67_chipset:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD6B337D-D662-44BA-B593-553E8BBC52DD", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:mobile_intel_qs67_chipset:-:*:*:*:*:*:*:*", "matchCriteriaId": "A29BF7A9-8C60-484D-BBAD-3A90B2EA2E0B", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:q67_express_chipset:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED06F175-16C7-40AA-B3E0-A46AFEA1898D", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:qm77_chipset:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3095C32-F92D-414A-9B17-D4F9390D8581", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:qs77_chipset:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FDC4DD9-A5A2-4AD4-919C-8C025B7A829B", "vulnerable": true}, {"criteria": "cpe:2.3:h:intel:qs77_chipset:-:*:*:*:express:*:*:*", "matchCriteriaId": "CFB4F8F7-C251-4D2C-8D59-3B1BCAC36265", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:trusted_execution_technology_sinit_authenticated_code_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "D46FC55A-5B1C-4A13-98AD-BFB6FA8CA07C", "versionEndIncluding": "1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, and C206 chipsets and Mobile Intel QM67 and QS67 chipsets, when the measured launch environment (MLE) is invoked, allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) anteriores a v1.2, usados por Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, y C206 chipsets y Mobile Intel QM67 y QS67 chipsets, cuando el measured launch environment (MLE) es invocado, permite a usuarios locales saltarse el mecanismo de protecci\u00f3n (Trusted Execution Technology) y llevar a cabo otras funciones SINIT ACM no especificadas a trav\u00e9s de vectores no especificados."}], "id": "CVE-2013-5740", "lastModified": "2014-07-11T15:31:24.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-12T18:37:44.287", "references": [{"source": "cve@mitre.org", "url": "http://support.citrix.com/article/CTX138633"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00035&languageid=en-fr"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}