Published: 17/05/2019 Updated: 28/05/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in subsystem in Intel(R) CSME 12.0.0 up to and including 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Affected Products

Vendor: Intel | Product: Converged Security Management Engine Firmware | Versions: -, 12.0.5

Recent Articles

Intel Fixes Critical, High-Severity Flaws Across Several Products
Threatpost • Lindsey O'Donnell • 21 May 2019

Intel has issued an updated advisory for more than 30 fixes addressing vulnerabilities across various products – including a critical flaw in Intel’s converged security and management engine (CSME) that could enable privilege-escalation.
The bug (CVE-2019-0153) exists in a subsystem of Intel CSME, which powers Intel’s Active Management System hardware and firmware technology, used for remote out-of-band management of personal computers. An unauthenticated user could potentially abuse...