CVE-2019-11101: Input Validation
First published: Wed Dec 18 2019(Updated: )
Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Converged Security Management Engine Firmware | >=11.0<11.8.70 | |
| Intel Converged Security Management Engine Firmware | >=11.10<11.11.70 | |
| Intel Converged Security Management Engine Firmware | >=11.20<11.22.70 | |
| Intel Converged Security Management Engine Firmware | >=12.0<12.0.45 | |
| Intel Converged Security Management Engine Firmware | >=13.0<13.0.10 | |
| Intel Converged Security Management Engine Firmware | >=14.0.0<14.0.10 | |
| Intel Trusted Execution Engine Firmware | >=3.0<3.1.70 | |
| Intel Trusted Execution Engine Firmware | >=4.0<4.0.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-11101?
CVE-2019-11101 is a vulnerability that allows a privileged user to potentially enable information disclosure via local access in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10, and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20.
How severe is CVE-2019-11101?
CVE-2019-11101 has a severity score of 4.4, which is considered medium.
What software versions are affected by CVE-2019-11101?
Intel(R) CSME versions 11.0 to 11.8.70, 11.10 to 11.11.70, 11.20 to 11.22.70, 12.0 to 12.0.45, 13.0 to 13.0.10, 14.0.0 to 14.0.10 and Intel(R) TXE versions 3.0 to 3.1.70, 4.0 to 4.0.20 are affected.
How can I fix CVE-2019-11101?
To fix CVE-2019-11101, update your Intel(R) CSME and Intel(R) TXE firmware to versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10, 14.0.10, 3.1.70, or 4.0.20 respectively.
Where can I find more information about CVE-2019-11101?
You can find more information about CVE-2019-11101 at the Intel Security Center Advisory page: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/intel
- canonical/intel converged security management engine firmware
- version/intel converged security management engine firmware/11.0
- version/intel converged security management engine firmware/11.10
- version/intel converged security management engine firmware/11.20
- version/intel converged security management engine firmware/12.0
- version/intel converged security management engine firmware/13.0
- version/intel converged security management engine firmware/14.0.0
- canonical/intel trusted execution engine firmware
- version/intel trusted execution engine firmware/3.0
- version/intel trusted execution engine firmware/4.0