CVE-2019-11108
MEDIUM WAF: Medium
CVSS 6.7
Published: 2019-12-18
CWE-20
Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| intel | converged_security_management_engine_firmware | 12.0 - 12.0.45 |
| intel | converged_security_management_engine_firmware | 13.0 - 13.0.10 |
References
- www.intel.com (Vendor Advisory)