CVE-2019-11147

moderate-risk
Published 2019-12-18

Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access.

Do I need to act?

-
0.20% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (4)

Intel-Sa-00125 Detection Tool
Sa-00086 Detection Tool

Affected Vendors

Intel

References (2)

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241....
Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241....
35
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 10/34 · Low