Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv2

CVE-2019-0090

Published: 17/05/2019 Updated: 24/08/2020
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.1 | Impact Score: 6 | Exploitability Score: 0.5
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Converged Security And Management Engine

Vulnerability Summary

Insufficient access control vulnerability in subsystem for Intel(R) CSME prior to 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

intel converged security and management engine

intel server platform services

Vendor Advisories

HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03616 rev. 4 - Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates
Multiple potential security vulnerabilities have been identified with Intel® CSME, Trusted Execution Engine and Intel® Active Management Technology which may allow users to potentially escalate privileges, disclose information or cause a denial of service ...
HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03616 rev. 4 - Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates
Multiple potential security vulnerabilities have been identified with Intel® CSME, Trusted Execution Engine and Intel® Active Management Technology which may allow users to potentially escalate privileges, disclose information or cause a denial of service ...

Github Repositories

https://github.com/engstrar/WikipediaScraper

Node.JS App that scrapes Wikipedia and returns contents organized into JSON format.

Arek's Wikipedia Scraper v300 This scraper will pull the headings and text data from a Wikipedia page and return the data organized into JSON format Examples for use are provided in NodeJS and Python3 Whats New in v300: All JPEG images are now scraped from each page Cors module added Future Development Goals: Scrape sections with tables & bullet points be

Recent Articles

'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc
The Register • Shaun Nichols in San Francisco • 05 Mar 2020

Although exploitation is like shooting a lone fish in a tiny barrel 1,000 miles away

A slit in Intel's security – a tiny window of opportunity – has been discovered, and it's claimed the momentary weakness could be one day exploited to wreak "utter chaos." It is a fascinating vulnerability, though non-trivial to abuse in a practical sense. It cannot be fixed without replacing the silicon, only mitigated, it is claimed: the design flaw is baked into millions of Intel processor chipsets manufactured over the past five years. The problem revolves around cryptographic keys that,...

Read more...

References

NVD-CWE-noinfohttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.htmlhttps://support.f5.com/csp/article/K59145983https://nvd.nist.govhttps://github.com/engstrar/WikipediaScraperhttps://www.theregister.co.uk/2020/03/05/unfixable_intel_csme_flaw/https://support.hp.com/us-en/document/c06330088
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook