CVE-2019-11147

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access.

Un control de acceso insuficiente en el controlador de abstracción de hardware para el software MEInfo para Intel(R) CSME versiones anteriores a 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; software TXEInfo para Intel(R) TXE versiones anteriores a 3.1.70 y 4.0.20; INTEL-SA-00086 Detection Tool versión 1.2.7.0 o anterior; INTEL-SA-00125 Detection Tool versión 1.0.45.0 o anterior, puede permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-04-11 CVE Reserved
2019-12-18 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html	2020-01-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Intel Search vendor "Intel"		Intel-sa-00125 Detection Tool Search vendor "Intel" for product "Intel-sa-00125 Detection Tool"				<= 1.0.45.0 Search vendor "Intel" for product "Intel-sa-00125 Detection Tool" and version " <= 1.0.45.0"		-		Affected
Intel Search vendor "Intel"		Sa-00086 Detection Tool Search vendor "Intel" for product "Sa-00086 Detection Tool"				<= 1.2.7.0 Search vendor "Intel" for product "Sa-00086 Detection Tool" and version " <= 1.2.7.0"		-		Affected
Intel Search vendor "Intel"		Converged Security Management Engine Firmware Search vendor "Intel" for product "Converged Security Management Engine Firmware"				>= 11.0 < 11.8.70 Search vendor "Intel" for product "Converged Security Management Engine Firmware" and version " >= 11.0 < 11.8.70"		-		Affected
Intel Search vendor "Intel"		Converged Security Management Engine Firmware Search vendor "Intel" for product "Converged Security Management Engine Firmware"				>= 11.10 < 11.11.70 Search vendor "Intel" for product "Converged Security Management Engine Firmware" and version " >= 11.10 < 11.11.70"		-		Affected
Intel Search vendor "Intel"		Converged Security Management Engine Firmware Search vendor "Intel" for product "Converged Security Management Engine Firmware"				>= 11.20 < 11.22.70 Search vendor "Intel" for product "Converged Security Management Engine Firmware" and version " >= 11.20 < 11.22.70"		-		Affected
Intel Search vendor "Intel"		Converged Security Management Engine Firmware Search vendor "Intel" for product "Converged Security Management Engine Firmware"				>= 12.0 < 12.0.45 Search vendor "Intel" for product "Converged Security Management Engine Firmware" and version " >= 12.0 < 12.0.45"		-		Affected
Intel Search vendor "Intel"		Converged Security Management Engine Firmware Search vendor "Intel" for product "Converged Security Management Engine Firmware"				>= 13.0 < 13.0.0 Search vendor "Intel" for product "Converged Security Management Engine Firmware" and version " >= 13.0 < 13.0.0"		-		Affected
Intel Search vendor "Intel"		Converged Security Management Engine Firmware Search vendor "Intel" for product "Converged Security Management Engine Firmware"				>= 14.0.0 < 14.0.10 Search vendor "Intel" for product "Converged Security Management Engine Firmware" and version " >= 14.0.0 < 14.0.10"		-		Affected
Intel Search vendor "Intel"		Trusted Execution Engine Firmware Search vendor "Intel" for product "Trusted Execution Engine Firmware"				>= 3.0 < 3.1.70 Search vendor "Intel" for product "Trusted Execution Engine Firmware" and version " >= 3.0 < 3.1.70"		-		Affected
Intel Search vendor "Intel"		Trusted Execution Engine Firmware Search vendor "Intel" for product "Trusted Execution Engine Firmware"				>= 4.0 < 4.0.20 Search vendor "Intel" for product "Trusted Execution Engine Firmware" and version " >= 4.0 < 4.0.20"		-		Affected