First published: Wed Dec 18 2019(Updated: )
Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.
Credit: secure@intel.com
Affected Software | Affected Version | How to fix |
---|---|---|
Intel Dynamic Application Loader | >=11.0<11.8.70 | |
Intel Dynamic Application Loader | >=11.10<11.11.70 | |
Intel Dynamic Application Loader | >=11.20<11.22.70 | |
Intel Dynamic Application Loader | >=12.0<12.0.45 | |
Intel Dynamic Application Loader | >=13.0<13.0.10 | |
Intel Dynamic Application Loader | >=14.0.0<14.0.10 | |
Intel Trusted Execution Engine Firmware | >=3.0<3.1.70 | |
Intel Trusted Execution Engine Firmware | >=4.0<4.0.20 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-11102 is a vulnerability in Intel(R) DAL software for Intel(R) CSME and Intel(R) TXE that may allow a privileged user to potentially enable information disclosure via local access.
The severity of CVE-2019-11102 is medium, with a CVSSv3 score of 4.4.
CVE-2019-11102 affects Intel(R) DAL software for Intel(R) CSME versions 11.0 to 11.8.70, 11.10 to 11.11.70, 11.20 to 11.22.70, 12.0 to 12.0.45, 13.0 to 13.0.10, 14.0.0 to 14.0.10, and Intel(R) TXE versions 3.0 to 3.1.70, 4.0 to 4.0.20.
A privileged user can potentially enable information disclosure via local access to exploit CVE-2019-11102.
You can find more information about CVE-2019-11102 in Intel's security advisory at the following link: [Intel Security Advisory](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html).