CVE-2019-0169 : Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 1

Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.

Published 2019-12-18 22:15:12

Updated 2020-02-11 12:15:20

Source Intel Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of serviceInformation leak

Products affected by CVE-2019-0169

Intel » Trusted Execution Engine Firmware
Versions from including (>=) 4.0 and before (<) 4.0.20
cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*
Matching versions
Intel » Trusted Execution Engine Firmware
Versions from including (>=) 3.0 and before (<) 3.1.70
cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*
Matching versions
Intel » Converged Security Management Engine Firmware
Versions from including (>=) 11.10 and before (<) 11.11.70
cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
Matching versions
Intel » Converged Security Management Engine Firmware
Versions from including (>=) 11.20 and before (<) 11.22.70
cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
Matching versions
Intel » Converged Security Management Engine Firmware
Versions from including (>=) 11.0 and before (<) 11.8.70
cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
Matching versions
Intel » Converged Security Management Engine Firmware
Versions from including (>=) 12.0 and before (<) 12.0.45
cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-0169

EPSS FAQ

0.35%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 55 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-0169

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:P	6.5	6.4	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-0169

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-0169

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

INTEL-SA-00241
Vendor Advisory

CVEs referencing this url
https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-0169

Products affected by CVE-2019-0169

Exploit prediction scoring system (EPSS) score for CVE-2019-0169

CVSS scores for CVE-2019-0169

CWE ids for CVE-2019-0169

References for CVE-2019-0169