Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.
2019-12-18T22:15:12.723
2024-11-21T04:20:32.660
Modified
CVSSv3.1: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:P/I:P/A:P
3.9
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | intel | converged_security_management_engine_firmware | < 11.8.70 | Yes |
| Operating System | intel | converged_security_management_engine_firmware | < 11.11.70 | Yes |
| Operating System | intel | converged_security_management_engine_firmware | < 11.22.70 | Yes |
| Operating System | intel | converged_security_management_engine_firmware | < 12.0.45 | Yes |
| Operating System | intel | converged_security_management_engine_firmware | < 13.0.10 | Yes |
| Operating System | intel | converged_security_management_engine_firmware | < 14.0.10 | Yes |
| Operating System | intel | trusted_execution_engine_firmware | < 3.1.70 | Yes |
| Operating System | intel | trusted_execution_engine_firmware | < 4.0.20 | Yes |