CVE-2019-11110
First published: Wed Dec 18 2019(Updated: )
Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Converged Security Management Engine Firmware | >=11.0<11.8.70 | |
| Intel Converged Security Management Engine Firmware | >=11.10<11.11.70 | |
| Intel Converged Security Management Engine Firmware | >=11.20<11.22.70 | |
| Intel Converged Security Management Engine Firmware | >=12.0<12.0.45 | |
| Intel Converged Security Management Engine Firmware | >=13.0<13.0.10 | |
| Intel Converged Security Management Engine Firmware | >=14.0.0<14.0.10 | |
| Intel Trusted Execution Engine Firmware | >=3.0<3.1.70 | |
| Intel Trusted Execution Engine Firmware | >=4.0<4.0.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-11110?
CVE-2019-11110 is a vulnerability that allows a privileged user to potentially enable escalation of privilege via local access in Intel Converged Security Management Engine Firmware and Intel Trusted Execution Engine Firmware.
What is the severity of CVE-2019-11110?
CVE-2019-11110 has a severity score of 6.7, which is considered medium.
Which versions of Intel Converged Security Management Engine Firmware are affected by CVE-2019-11110?
Intel Converged Security Management Engine Firmware versions 11.0 to 11.8.70, 11.10 to 11.11.70, and 11.20 to 11.22.70 are affected by CVE-2019-11110.
Which versions of Intel Trusted Execution Engine Firmware are affected by CVE-2019-11110?
Intel Trusted Execution Engine Firmware versions 3.0 to 3.1.70 and 4.0 to 4.0.20 are affected by CVE-2019-11110.
How can I fix CVE-2019-11110?
To fix CVE-2019-11110, it is recommended to update to the latest versions of Intel Converged Security Management Engine Firmware (versions above 11.8.70, 11.11.70, and 11.22.70) and Intel Trusted Execution Engine Firmware (versions above 3.1.70 and 4.0.20). Please refer to the official Intel Security Advisory for more information.
- collector/nvd-index
- vendor/intel
- canonical/intel converged security management engine firmware
- version/intel converged security management engine firmware/11.0
- version/intel converged security management engine firmware/11.10
- version/intel converged security management engine firmware/11.20
- version/intel converged security management engine firmware/12.0
- version/intel converged security management engine firmware/13.0
- version/intel converged security management engine firmware/14.0.0
- canonical/intel trusted execution engine firmware
- version/intel trusted execution engine firmware/3.0
- version/intel trusted execution engine firmware/4.0