CVE-2019-0091

{"id": "CVE-2019-0091", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-05-17T16:29:01.017", "references": [{"url": "https://support.f5.com/csp/article/K21423526", "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}, {"url": "https://support.f5.com/csp/article/K21423526", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de c\u00f3digo en el instalador para Intel (R) CSME anterior a las versiones 11.8.65, 11.11.65, 11.22.65, 12.0.35 e Intel (R) TXE versiones 3.1.65, 4.0.15 puede permitir que un usuario sin privilegios habilite potencialmente un aumento de privilegios por medio de un acceso local."}], "lastModified": "2024-11-21T04:16:12.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:converged_security_and_management_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB2C110D-88CC-47EF-87F7-5925553470D7", "versionEndExcluding": "11.8.65", "versionStartIncluding": "11.8.0"}, {"criteria": "cpe:2.3:a:intel:converged_security_and_management_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E57A76A-714A-42C6-A364-394FCE12F636", "versionEndExcluding": "11.11.65", "versionStartIncluding": "11.11.0"}, {"criteria": "cpe:2.3:a:intel:converged_security_and_management_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1104A893-6E27-4908-8BA1-3A1EF334BD8B", "versionEndExcluding": "11.22.65", "versionStartIncluding": "11.22.0"}, {"criteria": "cpe:2.3:a:intel:converged_security_and_management_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2724FD1-2375-40A9-BAEE-0D7AAF91F329", "versionEndExcluding": "12.0.35", "versionStartIncluding": "12.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:trusted_execution_technology:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF138E2C-FCDE-4A13-81EB-27372AB0F1C2", "versionEndExcluding": "3.1.65", "versionStartIncluding": "3.1.0"}, {"criteria": "cpe:2.3:a:intel:trusted_execution_technology:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59273D14-642F-4891-A28C-4E4752044E69", "versionEndExcluding": "4.0.15", "versionStartIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}