Vulnerability Description
Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Converged Security And Management Engine | < 12.0.35 |
| Intel | Server Platform Services | < sps_e3_05.00.04.027.0 |
References
- https://support.f5.com/csp/article/K59145983Third Party Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.Vendor Advisory
- https://support.f5.com/csp/article/K59145983Third Party Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.Vendor Advisory
FAQ
What is CVE-2019-0090?
CVE-2019-0090 is a vulnerability with a CVSS score of 7.1 (HIGH). Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SP...
How severe is CVE-2019-0090?
CVE-2019-0090 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-0090?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Converged Security And Management Engine, Intel Server Platform Services.