CVE-2019-11104: Input Validation
First published: Wed Dec 18 2019(Updated: )
Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Converged Security Management Engine Firmware | >=11.0<11.8.70 | |
| Intel Converged Security Management Engine Firmware | >=11.10<11.11.70 | |
| Intel Converged Security Management Engine Firmware | >=11.20<11.22.70 | |
| Intel Converged Security Management Engine Firmware | >=12.0<12.0.45 | |
| Intel Converged Security Management Engine Firmware | >=13.0<13.0.10 | |
| Intel Converged Security Management Engine Firmware | >=14.0.0<14.0.10 | |
| Intel Trusted Execution Engine Firmware | >=3.0<3.1.70 | |
| Intel Trusted Execution Engine Firmware | >=4.0<4.0.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-11104?
CVE-2019-11104 is a vulnerability in the MEInfo software for Intel(R) CSME and Intel(R) TXE that allows an authenticated user to potentially enable escalation of privilege via local access.
What is the severity of CVE-2019-11104?
The severity of CVE-2019-11104 is high, with a CVSS score of 7.8.
Which versions of Intel Converged Security Management Engine Firmware are affected by CVE-2019-11104?
Versions 11.0 to 11.8.70, 11.10 to 11.11.70, 11.20 to 11.22.70, 12.0 to 12.0.45, 13.0 to 13.0.10, and 14.0.0 to 14.0.10 of Intel Converged Security Management Engine Firmware are affected by CVE-2019-11104.
Which versions of Intel Trusted Execution Engine Firmware are affected by CVE-2019-11104?
Versions 3.0 to 3.1.70 and 4.0 to 4.0.20 of Intel Trusted Execution Engine Firmware are affected by CVE-2019-11104.
How can I fix CVE-2019-11104?
To fix CVE-2019-11104, users should update their Intel Converged Security Management Engine Firmware to a version above 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10, or 14.0.10, and update their Intel Trusted Execution Engine Firmware to a version above 3.1.70 or 4.0.20.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/intel
- canonical/intel converged security management engine firmware
- version/intel converged security management engine firmware/11.0
- version/intel converged security management engine firmware/11.10
- version/intel converged security management engine firmware/11.20
- version/intel converged security management engine firmware/12.0
- version/intel converged security management engine firmware/13.0
- version/intel converged security management engine firmware/14.0.0
- canonical/intel trusted execution engine firmware
- version/intel trusted execution engine firmware/3.0
- version/intel trusted execution engine firmware/4.0