CVE-2019-0086

{"id": "CVE-2019-0086", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-05-17T16:29:00.797", "references": [{"url": "https://danishcyberdefence.dk/blog/dal", "source": "secure@intel.com"}, {"url": "https://support.f5.com/csp/article/K35815741", "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}, {"url": "https://danishcyberdefence.dk/blog/dal", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.f5.com/csp/article/K35815741", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}, {"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso insuficiente en el programa Dynamic Application Loader para Intel (R) CSME anteriores a las versiones 11.8.65, 11.11.65, 11.22.65, 12.0.35 e Intel (R) TXE 3.1.65, 4.0.15 puede admitir que un usuario sin privilegios para habilitar potencialmente la escalada de privilegios por medio de un acceso local."}], "lastModified": "2024-11-21T04:16:12.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C492D5B7-80F3-4DD4-A792-25A154966D44", "versionEndExcluding": "11.8.65", "versionStartIncluding": "11.0"}, {"criteria": "cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC86032A-A9A5-430F-95FC-EA1D5AF94019", "versionEndExcluding": "11.11.65", "versionStartIncluding": "11.10"}, {"criteria": "cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F7A7DAE-A8DE-4723-9117-0E683EF1933F", "versionEndExcluding": "11.22.65", "versionStartIncluding": "11.20"}, {"criteria": "cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1373749-02ED-41E6-B664-BF8406E67FD6", "versionEndExcluding": "12.0.35", "versionStartIncluding": "12.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F6EB874-BC8C-4A9D-8F1F-1D3AFD0E12A2", "versionEndExcluding": "3.1.65", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2903149E-4328-4BA6-BE5E-DC92C8D64AB0", "versionEndIncluding": "4.0.15", "versionStartIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}