OpenCVE

Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Converged Security And Management Engine Server Platform Services

Configuration 1 [-]

cpe:2.3:a:intel:converged_security_and_management_engine:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:intel:server_platform_services:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.f5.com/csp/article/K59145983
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2019-05-17T15:41:38

Updated: 2024-08-04T17:37:07.524Z

Reserved: 2018-11-13T00:00:00

Link: CVE-2019-0090

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-05-17T16:29:00.937

Modified: 2024-11-21T04:16:12.770

Link: CVE-2019-0090

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Intel(R) Converged Security & Management Engine (CSME), Intel(R) Server Platform Services (SPS)", "vendor": "n/a", "versions": [{"status": "affected", "version": "CSME before version 12.0.35, Intel(R) SPS before version SPS_E3_05.00.04.027.0"}]}], "descriptions": [{"lang": "en", "value": "Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access."}], "problemTypes": [{"descriptions": [{"description": "Escalation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-12T23:08:00", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K59145983"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2019-0090", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) Converged Security & Management Engine (CSME), Intel(R) Server Platform Services (SPS)", "version": {"version_data": [{"version_value": "CSME before version 12.0.35, Intel(R) SPS before version SPS_E3_05.00.04.027.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"}, {"name": "https://support.f5.com/csp/article/K59145983", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K59145983"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.524Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K59145983"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2019-0090", "datePublished": "2019-05-17T15:41:38", "dateReserved": "2018-11-13T00:00:00", "dateUpdated": "2024-08-04T17:37:07.524Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:converged_security_and_management_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "1219056B-D42B-4D3A-9BBB-0EC6856D3E79", "versionEndExcluding": "12.0.35", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:server_platform_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4B4F480-DD79-4A66-9231-FDBE8342CAEA", "versionEndExcluding": "sps_e3_05.00.04.027.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso insuficiente en el subsistema para Intel(R) CSME en versiones anteriores a la 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS en versiones anteriores a la SPS_E3_05.00.04.027.0 puede permitir que un usuario no autenticado habilite potencialmente un aumento de privilegios por medio de un acceso f\u00edsico."}], "id": "CVE-2019-0090", "lastModified": "2024-11-21T04:16:12.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-17T16:29:00.937", "references": [{"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K59145983"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K59145983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"}], "sourceIdentifier": "secure@intel.com", "vendorComments": [{"comment": "After an attacker gains access, they would need to invest additional effort in preparation or execution of the vulnerable component in order to use this vulnerability.", "lastModified": "2019-11-08T12:21:48.120", "organization": "Intel"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}