CVE-2019-11147

HIGH

Intel CSME <11.8.70, TXE <3.1.70, MEInfo <14.0.10 - Privilege Escal...

Title source: llm

Description

Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL-SA-00125 Detection Tool version 1.0.45.0 or before may allow an authenticated user to potentially enable escalation of privilege via local access.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Scores

CVSS v3 7.8

EPSS 0.0020

EPSS Percentile 42.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (4)

intel/converged_security_management_engine_firmware 11.0 - 11.8.70

intel/intel-sa-00125_detection_tool < 1.0.45.0

intel/sa-00086_detection_tool < 1.2.7.0

intel/trusted_execution_engine_firmware 3.0 - 3.1.70

Published Dec 18, 2019

Tracked Since Feb 18, 2026