Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-11110 (GCVE-0-2019-11110)
Vulnerability from cvelistv5 – Published: 2019-12-18 21:10 – Updated: 2024-08-04 22:48
VLAI?
EPSS
Summary
Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.
Severity ?
No CVSS data available.
CWE
- Escalation of Privilege, Denial of Service, Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) CSME, Intel(R) TXE |
Affected:
See provided reference
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:07.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel(R) CSME, Intel(R) TXE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See provided reference"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege, Denial of Service, Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T21:10:03.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME, Intel(R) TXE",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-11110",
"datePublished": "2019-12-18T21:10:03.000Z",
"dateReserved": "2019-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:48:07.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2019-11110
Vulnerability from fkie_nvd - Published: 2019-12-18 22:15 - Updated: 2024-11-21 04:20
Severity ?
Summary
Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDF9B1B-4031-40EF-8516-60ABD2BBF1C0",
"versionEndExcluding": "11.8.70",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BEC9F8B-3830-4657-874A-521BB9D312F2",
"versionEndExcluding": "11.11.70",
"versionStartIncluding": "11.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58765D34-F8CD-48A2-BA46-F234C2A30B57",
"versionEndExcluding": "11.22.70",
"versionStartIncluding": "11.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1F8A4D-A2DF-44A8-BA4F-8868107C35A0",
"versionEndExcluding": "12.0.45",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "219FA251-B255-4CCC-9FAE-A36C542160E0",
"versionEndExcluding": "13.0.10",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6BBE6CE-6551-47F9-970D-9C85128EBCDC",
"versionEndExcluding": "14.0.10",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD17A8EA-F595-4E4E-B694-FE07544E7945",
"versionEndExcluding": "3.1.70",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCB9B3C-C83A-4563-80F6-3AA50C16A118",
"versionEndExcluding": "4.0.20",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Una omisi\u00f3n de autenticaci\u00f3n en el subsistema para Intel(R) CSME versiones anteriores a 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 y 14.0.10; Intel(R) TXE versiones anteriores a 3.1.70 y 4.0.20, puede permitir a un usuario privilegiado habilitar una escalada de privilegios por medio de un acceso local."
}
],
"id": "CVE-2019-11110",
"lastModified": "2024-11-21T04:20:33.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-18T22:15:13.190",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2020-18610
Vulnerability from cnvd - Published: 2020-03-22
VLAI Severity ?
Title
Intel TXE和Intel Converged Security and Management Engine授权问题漏洞
Description
Intel Converged Security and Management Engine(CSME)和Intel TXE都是美国英特尔(Intel)公司的产品。Intel Converged Security and Management Engine是一款安全管理引擎。Intel TXE是一款使用在CPU(中央处理器)中具有硬件验证功能的信任执行引擎。
Intel TXE和Intel Converged Security and Management Engine存在授权问题漏洞。攻击者可利用该漏洞绕过身份验证,提升权限。
Severity
中
Patch Name
Intel TXE和Intel Converged Security and Management Engine授权问题漏洞的补丁
Patch Description
Intel Converged Security and Management Engine(CSME)和Intel TXE都是美国英特尔(Intel)公司的产品。Intel Converged Security and Management Engine是一款安全管理引擎。Intel TXE是一款使用在CPU(中央处理器)中具有硬件验证功能的信任执行引擎。
Intel TXE和Intel Converged Security and Management Engine存在授权问题漏洞。攻击者可利用该漏洞绕过身份验证,提升权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-11110
Impacted products
| Name | ['Intel Intel TXE <3.1.70', 'Intel Intel TXE <4.0.20', 'Intel Intel Converged Security and Management Engine(CSME) <11.8.70', 'Intel Intel Converged Security and Management Engine(CSME) <12.0.45', 'Intel Intel Converged Security and Management Engine(CSME) <13.0.10', 'Intel Intel Converged Security and Management Engine(CSME) <14.0.10', 'Intel Intel Converged Security and Management Engine(CSME) <11.11.70', 'Intel Intel Converged Security and Management Engine(CSME) <11.22.70'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-11110",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-11110"
}
},
"description": "Intel Converged Security and Management Engine\uff08CSME\uff09\u548cIntel TXE\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Converged Security and Management Engine\u662f\u4e00\u6b3e\u5b89\u5168\u7ba1\u7406\u5f15\u64ce\u3002Intel TXE\u662f\u4e00\u6b3e\u4f7f\u7528\u5728CPU\uff08\u4e2d\u592e\u5904\u7406\u5668\uff09\u4e2d\u5177\u6709\u786c\u4ef6\u9a8c\u8bc1\u529f\u80fd\u7684\u4fe1\u4efb\u6267\u884c\u5f15\u64ce\u3002\n\nIntel TXE\u548cIntel Converged Security and Management Engine\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u63d0\u5347\u6743\u9650\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-18610",
"openTime": "2020-03-22",
"patchDescription": "Intel Converged Security and Management Engine\uff08CSME\uff09\u548cIntel TXE\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Converged Security and Management Engine\u662f\u4e00\u6b3e\u5b89\u5168\u7ba1\u7406\u5f15\u64ce\u3002Intel TXE\u662f\u4e00\u6b3e\u4f7f\u7528\u5728CPU\uff08\u4e2d\u592e\u5904\u7406\u5668\uff09\u4e2d\u5177\u6709\u786c\u4ef6\u9a8c\u8bc1\u529f\u80fd\u7684\u4fe1\u4efb\u6267\u884c\u5f15\u64ce\u3002\r\n\r\nIntel TXE\u548cIntel Converged Security and Management Engine\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Intel TXE\u548cIntel Converged Security and Management Engine\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Intel Intel TXE \u003c3.1.70",
"Intel Intel TXE \u003c4.0.20",
"Intel Intel Converged Security and Management Engine\uff08CSME\uff09 \u003c11.8.70",
"Intel Intel Converged Security and Management Engine\uff08CSME\uff09 \u003c12.0.45",
"Intel Intel Converged Security and Management Engine\uff08CSME\uff09 \u003c13.0.10",
"Intel Intel Converged Security and Management Engine\uff08CSME\uff09 \u003c14.0.10",
"Intel Intel Converged Security and Management Engine\uff08CSME\uff09 \u003c11.11.70",
"Intel Intel Converged Security and Management Engine\uff08CSME\uff09 \u003c11.22.70"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-11110",
"serverity": "\u4e2d",
"submitTime": "2019-12-06",
"title": "Intel TXE\u548cIntel Converged Security and Management Engine\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}
CVE-2019-11110
Vulnerability from fstec - Published: 12.11.2019
VLAI Severity ?
Title
Уязвимость микропрограммного обеспечения Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE) и Intel Dynamic Application Loader (DAL), связанная с ошибками аутентификации, позволяющая нарушителю повысить свои привилегии
Description
Уязвимость микропрограммного обеспечения Intel Converged Security and Manageability Engine (CSME), Intel Trusted Execution Engine (TXE) и Intel Dynamic Application Loader (DAL) связана с ошибками аутентификации. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии
Severity ?
Vendor
Intel Corp.
Software Name
Intel Converged Security and Manageability Engine, Intel Trusted Execution Engine Firmware
Software Version
до 12.0.45 (Intel Converged Security and Manageability Engine), до 13.0.10 (Intel Converged Security and Manageability Engine), до 14.0.10 (Intel Converged Security and Manageability Engine), до 11.8.70 (Intel Converged Security and Manageability Engine), до 11.11.70 (Intel Converged Security and Manageability Engine), до 11.22.70 (Intel Converged Security and Manageability Engine), до 3.1.70 (Intel Trusted Execution Engine Firmware), до 4.0.20 (Intel Trusted Execution Engine Firmware)
Possible Mitigations
Использование рекомендаций производителя:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Reference
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
CWE
CWE-287
{
"CVSS 2.0": "AV:L/AC:H/Au:S/C:N/I:C/A:N",
"CVSS 3.0": "AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Intel Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 12.0.45 (Intel Converged Security and Manageability Engine), \u0434\u043e 13.0.10 (Intel Converged Security and Manageability Engine), \u0434\u043e 14.0.10 (Intel Converged Security and Manageability Engine), \u0434\u043e 11.8.70 (Intel Converged Security and Manageability Engine), \u0434\u043e 11.11.70 (Intel Converged Security and Manageability Engine), \u0434\u043e 11.22.70 (Intel Converged Security and Manageability Engine), \u0434\u043e 3.1.70 (Intel Trusted Execution Engine Firmware), \u0434\u043e 4.0.20 (Intel Trusted Execution Engine Firmware)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.11.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.11.2019",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.11.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04203",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-11110",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Intel Converged Security and Manageability Engine, Intel Trusted Execution Engine Firmware",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f\u00a0Intel\u00a0Converged Security and Manageability Engine (CSME),\u00a0Intel\u00a0Trusted Execution Engine (TXE) \u0438 Intel Dynamic Application Loader (DAL), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f (CWE-287)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f\u00a0Intel\u00a0Converged Security and Manageability Engine (CSME),\u00a0Intel\u00a0Trusted Execution Engine (TXE) \u0438 Intel Dynamic Application Loader (DAL) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-287",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,1)"
}
GSD-2019-11110
Vulnerability from gsd - Updated: 2023-12-13 01:24Details
Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-11110",
"description": "Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GSD-2019-11110",
"references": [
"https://www.suse.com/security/cve/CVE-2019-11110.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-11110"
],
"details": "Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GSD-2019-11110",
"modified": "2023-12-13T01:24:01.768181Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME, Intel(R) TXE",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.8.70",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.11.70",
"versionStartIncluding": "11.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.22.70",
"versionStartIncluding": "11.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.45",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0.10",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.0.10",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1.70",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0.20",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-11110"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-08-24T17:37Z",
"publishedDate": "2019-12-18T22:15Z"
}
}
}
CERTFR-2019-AVI-563
Vulnerability from certfr_avis - Published: 2019-11-13 - Updated: 2019-11-13
De multiples vulnérabilités ont été découvertes dans les microgiciels Intel. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel PTT versions antérieures à 11.8.65, 11.11.65, 11.22.65, 12.0.35, 13.0.1201 et 14.0.10 | ||
| Intel | N/A | Intel SPS versions SPS_SoC-X_x antérieures à SPS_SoC-X_04.00.04.086.0 | ||
| Intel | N/A | Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.2x antérieures à 11.22.70 | ||
| Intel | N/A | Les processeurs Intel, voir le site du constructeur pour les modèles vulnérables (cf. section documentation) | ||
| Intel | N/A | Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 13.x antérieures à 13.0.10 | ||
| Intel | N/A | Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 12.0.x antérieures à 12.0.45 | ||
| Intel | N/A | Intel CSME, Intel AMT, Intel DAL et Intel DAL versions antérieures à 11.8.70 | ||
| Intel | N/A | Intel SPS versions SPS_E5_x antérieures à SPS_E5_04.00.04.381.0 | ||
| Intel | N/A | Intel SPS versions SPS_E3_x antérieures à SPS_E3_04.01.04.054.0 | ||
| Intel | N/A | Intel SPS versions SPS_SoC-A_x antérieures à SPS_SoC-A_04.00.04.181.0 | ||
| Intel | N/A | Le microgiciel des contrôleurs Ethernet Intel séries 700 versions antérieures à 7.0 | ||
| Intel | N/A | Intel Baseboard Management Controller (BMC), voir le site du constructeur pour les modèles vulnérables (cf. section documentation) | ||
| Intel | N/A | Le logiciel pour contrôleurs Ethernet Intel séries 700 versions antérieure à 24.0 | ||
| Intel | N/A | Intel TXE versions 3.0.x et 3.1.x antérieures à 3.1.70 | ||
| Intel | N/A | Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.10.x et 11.11.x antérieures à 11.11.70 | ||
| Intel | N/A | Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 14.x antérieures à 14.0.10 | ||
| Intel | N/A | Intel TXE versions 4.0.x antérieures à 4.0.20 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel PTT versions ant\u00e9rieures \u00e0 11.8.65, 11.11.65, 11.22.65, 12.0.35, 13.0.1201 et 14.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SPS versions SPS_SoC-X_x ant\u00e9rieures \u00e0 SPS_SoC-X_04.00.04.086.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.2x ant\u00e9rieures \u00e0 11.22.70",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Les processeurs Intel, voir le site du constructeur pour les mod\u00e8les vuln\u00e9rables (cf. section documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 13.x ant\u00e9rieures \u00e0 13.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 12.0.x ant\u00e9rieures \u00e0 12.0.45",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions ant\u00e9rieures \u00e0 11.8.70",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SPS versions SPS_E5_x ant\u00e9rieures \u00e0 SPS_E5_04.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SPS versions SPS_E3_x ant\u00e9rieures \u00e0 SPS_E3_04.01.04.054.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SPS versions SPS_SoC-A_x ant\u00e9rieures \u00e0 SPS_SoC-A_04.00.04.181.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Le microgiciel des contr\u00f4leurs Ethernet Intel s\u00e9ries 700 versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Baseboard Management Controller (BMC), voir le site du constructeur pour les mod\u00e8les vuln\u00e9rables (cf. section documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Le logiciel pour contr\u00f4leurs Ethernet Intel s\u00e9ries 700 versions ant\u00e9rieure \u00e0 24.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel TXE versions 3.0.x et 3.1.x ant\u00e9rieures \u00e0 3.1.70",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.10.x et 11.11.x ant\u00e9rieures \u00e0 11.11.70",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 14.x ant\u00e9rieures \u00e0 14.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel TXE versions 4.0.x ant\u00e9rieures \u00e0 4.0.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0143",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0143"
},
{
"name": "CVE-2019-11179",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11179"
},
{
"name": "CVE-2019-11139",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11139"
},
{
"name": "CVE-2019-0150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0150"
},
{
"name": "CVE-2019-0152",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0152"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-11097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
},
{
"name": "CVE-2019-0117",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0117"
},
{
"name": "CVE-2019-11170",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11170"
},
{
"name": "CVE-2019-11132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
},
{
"name": "CVE-2019-11086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
},
{
"name": "CVE-2019-11137",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11137"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2019-11106",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
},
{
"name": "CVE-2019-11175",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11175"
},
{
"name": "CVE-2019-0139",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0139"
},
{
"name": "CVE-2019-0140",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0140"
},
{
"name": "CVE-2019-11172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11172"
},
{
"name": "CVE-2019-11177",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11177"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2019-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
},
{
"name": "CVE-2019-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
},
{
"name": "CVE-2019-11107",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
},
{
"name": "CVE-2019-0141",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0141"
},
{
"name": "CVE-2019-11136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11136"
},
{
"name": "CVE-2019-0149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0149"
},
{
"name": "CVE-2019-11181",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11181"
},
{
"name": "CVE-2019-11110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
},
{
"name": "CVE-2019-0144",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0144"
},
{
"name": "CVE-2019-11173",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11173"
},
{
"name": "CVE-2019-11182",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11182"
},
{
"name": "CVE-2019-11102",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
},
{
"name": "CVE-2019-11088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
},
{
"name": "CVE-2019-11105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
},
{
"name": "CVE-2019-0124",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0124"
},
{
"name": "CVE-2019-0151",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0151"
},
{
"name": "CVE-2019-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11168"
},
{
"name": "CVE-2019-11101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
},
{
"name": "CVE-2019-11171",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11171"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-0142",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0142"
},
{
"name": "CVE-2019-11131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
},
{
"name": "CVE-2019-0146",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0146"
},
{
"name": "CVE-2019-11090",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
},
{
"name": "CVE-2019-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
},
{
"name": "CVE-2019-11109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
},
{
"name": "CVE-2019-11178",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11178"
},
{
"name": "CVE-2019-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
},
{
"name": "CVE-2019-0184",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0184"
},
{
"name": "CVE-2019-0123",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0123"
},
{
"name": "CVE-2019-11180",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11180"
},
{
"name": "CVE-2019-11104",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
},
{
"name": "CVE-2019-0148",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0148"
},
{
"name": "CVE-2019-11087",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
},
{
"name": "CVE-2019-11174",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11174"
},
{
"name": "CVE-2019-0145",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0145"
},
{
"name": "CVE-2019-11108",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
},
{
"name": "CVE-2019-0147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0147"
},
{
"name": "CVE-2019-11100",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
},
{
"name": "CVE-2019-0165",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
},
{
"name": "CVE-2019-11147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
}
],
"initial_release_date": "2019-11-13T00:00:00",
"last_revision_date": "2019-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-563",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les microgiciels\nIntel. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les microgiciels Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00313 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00219 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00270 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00210 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00240 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00255 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00271 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00260 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00280 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00164 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00164.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00241 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00220 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html"
}
]
}
CERTFR-2020-AVI-420
Vulnerability from certfr_avis - Published: 2020-07-09 - Updated: 2020-07-09
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Junos Space et Junos Space Security Director versions antérieures à 20.1R1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1167",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1167"
},
{
"name": "CVE-2016-2324",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2324"
},
{
"name": "CVE-2013-1960",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1960"
},
{
"name": "CVE-2012-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4447"
},
{
"name": "CVE-2016-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3991"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2014-7826",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7826"
},
{
"name": "CVE-2020-1648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1648"
},
{
"name": "CVE-2016-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3621"
},
{
"name": "CVE-2011-0192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
},
{
"name": "CVE-2016-1000341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
},
{
"name": "CVE-2016-6662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6662"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-11097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
},
{
"name": "CVE-2009-2347",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2347"
},
{
"name": "CVE-2014-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3634"
},
{
"name": "CVE-2016-1000343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
},
{
"name": "CVE-2015-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1782"
},
{
"name": "CVE-2017-13098",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
},
{
"name": "CVE-2019-11132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
},
{
"name": "CVE-2014-7825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7825"
},
{
"name": "CVE-2016-6136",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6136"
},
{
"name": "CVE-2020-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1646"
},
{
"name": "CVE-2019-11086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
},
{
"name": "CVE-2017-7895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
},
{
"name": "CVE-2012-1173",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
},
{
"name": "CVE-2012-2088",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2088"
},
{
"name": "CVE-2014-9938",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9938"
},
{
"name": "CVE-2015-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
},
{
"name": "CVE-2020-1651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1651"
},
{
"name": "CVE-2010-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2067"
},
{
"name": "CVE-2019-11106",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
},
{
"name": "CVE-2016-1000346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
},
{
"name": "CVE-2016-3945",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3945"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2020-1645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1645"
},
{
"name": "CVE-2016-1000345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
},
{
"name": "CVE-2020-1640",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1640"
},
{
"name": "CVE-2013-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4244"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2020-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1643"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2015-7940",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7940"
},
{
"name": "CVE-2017-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000117"
},
{
"name": "CVE-2012-5581",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5581"
},
{
"name": "CVE-2016-1000338",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
},
{
"name": "CVE-2014-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3690"
},
{
"name": "CVE-2018-1000613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000613"
},
{
"name": "CVE-2017-12588",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12588"
},
{
"name": "CVE-2016-0787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0787"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-9555",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
},
{
"name": "CVE-2013-1624",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1624"
},
{
"name": "CVE-2016-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3990"
},
{
"name": "CVE-2019-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
},
{
"name": "CVE-2018-1000021",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000021"
},
{
"name": "CVE-2019-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
},
{
"name": "CVE-2014-9679",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9679"
},
{
"name": "CVE-2020-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1647"
},
{
"name": "CVE-2019-11107",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
},
{
"name": "CVE-2020-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1652"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2009-5022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5022"
},
{
"name": "CVE-2016-1835",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2020-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1650"
},
{
"name": "CVE-2016-1000342",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2019-11110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2016-1000339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
},
{
"name": "CVE-2008-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
},
{
"name": "CVE-2017-9935",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9935"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2018-5382",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5382"
},
{
"name": "CVE-2014-9584",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9584"
},
{
"name": "CVE-2019-11102",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
},
{
"name": "CVE-2019-3862",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
},
{
"name": "CVE-2019-11088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
},
{
"name": "CVE-2019-11105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
},
{
"name": "CVE-2016-5616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5616"
},
{
"name": "CVE-2015-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1421"
},
{
"name": "CVE-2014-9529",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9529"
},
{
"name": "CVE-2020-1654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1654"
},
{
"name": "CVE-2013-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1961"
},
{
"name": "CVE-2015-7082",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7082"
},
{
"name": "CVE-2006-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2193"
},
{
"name": "CVE-2014-8171",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8171"
},
{
"name": "CVE-2006-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2656"
},
{
"name": "CVE-2019-11101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2018-11233",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11233"
},
{
"name": "CVE-2013-4232",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4232"
},
{
"name": "CVE-2013-4243",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4243"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2011-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3200"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2017-15298",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15298"
},
{
"name": "CVE-2014-8884",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8884"
},
{
"name": "CVE-2015-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2019-11131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
},
{
"name": "CVE-2020-1641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1641"
},
{
"name": "CVE-2019-11090",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
},
{
"name": "CVE-2013-4758",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4758"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2019-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
},
{
"name": "CVE-2019-11109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
},
{
"name": "CVE-2016-5314",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5314"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1000352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
},
{
"name": "CVE-2010-2065",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2065"
},
{
"name": "CVE-2019-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
},
{
"name": "CVE-2010-1411",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1411"
},
{
"name": "CVE-2016-3632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3632"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2015-7547",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
},
{
"name": "CVE-2020-1649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1649"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2012-4564",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4564"
},
{
"name": "CVE-2012-2113",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2113"
},
{
"name": "CVE-2019-11104",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
},
{
"name": "CVE-2019-11087",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
},
{
"name": "CVE-2016-1000344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
},
{
"name": "CVE-2019-11108",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
},
{
"name": "CVE-2014-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3215"
},
{
"name": "CVE-2018-11235",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11235"
},
{
"name": "CVE-2016-6663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6663"
},
{
"name": "CVE-2018-19486",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19486"
},
{
"name": "CVE-2015-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7545"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2019-11100",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
},
{
"name": "CVE-2018-5360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5360"
},
{
"name": "CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"name": "CVE-2019-0165",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
},
{
"name": "CVE-2020-1644",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1644"
},
{
"name": "CVE-2019-11147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
},
{
"name": "CVE-2012-3401",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
},
{
"name": "CVE-2019-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0211"
},
{
"name": "CVE-2014-3683",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3683"
}
],
"initial_release_date": "2020-07-09T00:00:00",
"last_revision_date": "2020-07-09T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-420",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11038 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11038\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11024 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11024\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11026 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11026\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11027 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11027\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11035 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11035\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11023 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11025 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11025\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11034 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11034\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11033 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11033\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11032 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11032\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11036 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11036\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11031 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11031\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11030 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11030\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11037 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11037\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11028 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11028\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
GHSA-38M6-GW8W-CMVR
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2024-04-04 02:44
VLAI?
Details
Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-11110"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-18T22:15:00Z",
"severity": "MODERATE"
},
"details": "Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GHSA-38m6-gw8w-cmvr",
"modified": "2024-04-04T02:44:02Z",
"published": "2022-05-24T17:03:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11110"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…