Vulnerability Details CVE-2019-0090
Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.1%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 4.4
References
Products affected by CVE-2019-0090
-
cpe:2.3:a:intel:converged_security_and_management_engine:11.11.0
-
cpe:2.3:a:intel:converged_security_and_management_engine:11.11.65
-
cpe:2.3:a:intel:converged_security_and_management_engine:11.22.0
-
cpe:2.3:a:intel:converged_security_and_management_engine:11.22.65
-
cpe:2.3:a:intel:converged_security_and_management_engine:11.8.0
-
cpe:2.3:a:intel:converged_security_and_management_engine:11.8.65
-
cpe:2.3:a:intel:converged_security_and_management_engine:12.0
-
cpe:2.3:a:intel:server_platform_services:e3_05.01.04.200
-
cpe:2.3:a:intel:server_platform_services:e5_04.01.04.400
-
cpe:2.3:a:intel:server_platform_services:sps_e3_04.01.04.054.0
-
cpe:2.3:a:intel:server_platform_services:sps_e3_04.01.04.109.0
-
cpe:2.3:a:intel:server_platform_services:sps_e3_04.01.04.200
-
cpe:2.3:a:intel:server_platform_services:sps_e3_04.08.04.070.0