What is CVE-2019-0091?

CVE-2019-0091 is a high-severity vulnerability in Intel Converged_security_and_management_engine, classified under Code Injection. CVSS score: 7.8/10. Published 2019-05-17.

How severe is CVE-2019-0091?

High severity. CVSS v3 base score is 7.8 out of 10.

RCE in Intel Converged_security_and_management_engine

CVE-2019-0091

Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.005 (39.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Intel Converged_security_and_management_engine
Intel Trusted_execution_technology
N/a Intel(r) Converged Security & Management Engine (Csme), Intel (R) Trusted Execution Interface (Txe) — versions Versions before CSME 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15.

Weakness classification (CWE)

CWE-94 — Code Injection

References

secure@intel.com (x_refsource_MISC, Vendor Advisory)
secure@intel.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-0091?: CVE-2019-0091 is a high-severity vulnerability in Intel Converged_security_and_management_engine, classified under Code Injection. CVSS score: 7.8/10. Published 2019-05-17.
How severe is CVE-2019-0091?: High severity. CVSS v3 base score is 7.8 out of 10.