{"containers": {"cna": {"affected": [{"product": "Intel(R) Converged Security & Management Engine (CSME) Dynamic Application Loader, Intel (R) Trusted Execution Engine Interface (TXE)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions before CSME 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15."}]}], "descriptions": [{"lang": "en", "value": "Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access."}], "problemTypes": [{"descriptions": [{"description": "Escalation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-23T21:10:54", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K35815741"}, {"tags": ["x_refsource_MISC"], "url": "https://danishcyberdefence.dk/blog/dal"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2019-0086", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) Converged Security & Management Engine (CSME) Dynamic Application Loader, Intel (R) Trusted Execution Engine Interface (TXE)", "version": {"version_data": [{"version_value": "Versions before CSME 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15."}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"}, {"name": "https://support.f5.com/csp/article/K35815741", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K35815741"}, {"name": "https://danishcyberdefence.dk/blog/dal", "refsource": "MISC", "url": "https://danishcyberdefence.dk/blog/dal"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:07.698Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K35815741"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://danishcyberdefence.dk/blog/dal"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2019-0086", "datePublished": "2019-05-17T15:41:38", "dateReserved": "2018-11-13T00:00:00", "dateUpdated": "2024-08-04T17:37:07.698Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C492D5B7-80F3-4DD4-A792-25A154966D44", "versionEndExcluding": "11.8.65", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC86032A-A9A5-430F-95FC-EA1D5AF94019", "versionEndExcluding": "11.11.65", "versionStartIncluding": "11.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F7A7DAE-A8DE-4723-9117-0E683EF1933F", "versionEndExcluding": "11.22.65", "versionStartIncluding": "11.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1373749-02ED-41E6-B664-BF8406E67FD6", "versionEndExcluding": "12.0.35", "versionStartIncluding": "12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F6EB874-BC8C-4A9D-8F1F-1D3AFD0E12A2", "versionEndExcluding": "3.1.65", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2903149E-4328-4BA6-BE5E-DC92C8D64AB0", "versionEndIncluding": "4.0.15", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso insuficiente en el programa Dynamic Application Loader para Intel (R) CSME anteriores a las versiones 11.8.65, 11.11.65, 11.22.65, 12.0.35 e Intel (R) TXE 3.1.65, 4.0.15 puede admitir que un usuario sin privilegios para habilitar potencialmente la escalada de privilegios por medio de un acceso local."}], "id": "CVE-2019-0086", "lastModified": "2024-11-21T04:16:12.230", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-17T16:29:00.797", "references": [{"source": "secure@intel.com", "url": "https://danishcyberdefence.dk/blog/dal"}, {"source": "secure@intel.com", "url": "https://support.f5.com/csp/article/K35815741"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://danishcyberdefence.dk/blog/dal"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K35815741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}, {"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}