cnvd - cnvd-2020-18587

CNVD-2020-18587

Vulnerability from cnvd - Published: 2020-03-22

Title

Intel Converged Security and Management Engine和Intel Server Platform Services HECI子系统信息泄露漏洞

Description

Intel Converged Security and Management Engine（CSME）和Intel Server Platform Services（SPS）都是美国英特尔（Intel）公司的产品。Intel Converged Security and Management Engine是一款安全管理引擎。Intel Server Platform Services是一款服务器平台服务程序。HECI subsystem是其中的一个主机嵌入式控制器接口子系统。 Intel Converged Security and Management Engine和Intel Server Platform Services HECI子系统存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。攻击者可利用该漏洞获取受影响组件敏感信息。

Severity

低

Patch Name

Intel Converged Security and Management Engine和Intel Server Platform Services HECI子系统信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-0093

Impacted products

Name
['Intel CSME <12.0.35', 'Intel SPS <SPS_E3_05.00.04.027.0', 'Intel CSME <11.8.65', 'Intel CSME <11.11.65', 'Intel CSME <11.22.65']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-0093",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0093"
    }
  },
  "description": "Intel Converged Security and Management Engine\uff08CSME\uff09\u548cIntel Server Platform Services\uff08SPS\uff09\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Converged Security and Management Engine\u662f\u4e00\u6b3e\u5b89\u5168\u7ba1\u7406\u5f15\u64ce\u3002Intel Server Platform Services\u662f\u4e00\u6b3e\u670d\u52a1\u5668\u5e73\u53f0\u670d\u52a1\u7a0b\u5e8f\u3002HECI subsystem\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4e3b\u673a\u5d4c\u5165\u5f0f\u63a7\u5236\u5668\u63a5\u53e3\u5b50\u7cfb\u7edf\u3002\n\nIntel Converged Security and Management Engine\u548cIntel Server Platform Services HECI\u5b50\u7cfb\u7edf\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-18587",
  "openTime": "2020-03-22",
  "patchDescription": "Intel Converged Security and Management Engine\uff08CSME\uff09\u548cIntel Server Platform Services\uff08SPS\uff09\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Converged Security and Management Engine\u662f\u4e00\u6b3e\u5b89\u5168\u7ba1\u7406\u5f15\u64ce\u3002Intel Server Platform Services\u662f\u4e00\u6b3e\u670d\u52a1\u5668\u5e73\u53f0\u670d\u52a1\u7a0b\u5e8f\u3002HECI subsystem\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4e3b\u673a\u5d4c\u5165\u5f0f\u63a7\u5236\u5668\u63a5\u53e3\u5b50\u7cfb\u7edf\u3002\r\n\r\nIntel Converged Security and Management Engine\u548cIntel Server Platform Services HECI\u5b50\u7cfb\u7edf\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Converged Security and Management Engine\u548cIntel Server Platform Services HECI\u5b50\u7cfb\u7edf\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Intel CSME \u003c12.0.35",
      "Intel SPS \u003cSPS_E3_05.00.04.027.0",
      "Intel CSME \u003c11.8.65",
      "Intel CSME \u003c11.11.65",
      "Intel CSME \u003c11.22.65"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-0093",
  "serverity": "\u4f4e",
  "submitTime": "2019-05-22",
  "title": "Intel Converged Security and Management Engine\u548cIntel Server Platform Services HECI\u5b50\u7cfb\u7edf\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2019-0093 (GCVE-0-2019-0093)

Vulnerability from cvelistv5 – Published: 2019-05-17 15:41 – Updated: 2024-08-04 17:37

Summary

Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access.

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

intel

References

URL

Tags

	https://www.intel.com/content/www/us/en/security-…	x_refsource_MISC
	https://support.f5.com/csp/article/K13710800	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) Converged Security & Management Engine (CSME), Intel(R) Server Platform Services (SPS)	Affected: Versions before 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:37:07.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K13710800"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Converged Security \u0026 Management Engine (CSME), Intel(R) Server Platform Services (SPS)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions before 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-19T07:06:04",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K13710800"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2019-0093",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) Converged Security \u0026 Management Engine (CSME), Intel(R) Server Platform Services (SPS)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions before 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"
            },
            {
              "name": "https://support.f5.com/csp/article/K13710800",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K13710800"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2019-0093",
    "datePublished": "2019-05-17T15:41:38",
    "dateReserved": "2018-11-13T00:00:00",
    "dateUpdated": "2024-08-04T17:37:07.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-18587

CVE-2019-0093 (GCVE-0-2019-0093)

Tags

Sightings

Nomenclature