Security Alert (A19-05-11): Multiple Vulnerabilities in Intel Products


 

Published on: 27 May 2019

Share on Facebook    Share on X   

Description:

Intel has issued a security advisory (INTEL-SA-00213) to address multiple vulnerabilities in some Intel products including Intel® Converged Security & Management Engine (Intel® CSME), Intel® Server Platform Services (Intel® SPS), Intel® Trusted Execution Engine Interface (Intel® TXE), Intel® Dynamic Application Loader (Intel® DAL), and Intel® Active Management Technology (Intel® AMT).  A potential attacker could possibly exploit the vulnerabilities to elevate the privileges of any users without prior approval from system owners, cause disclosure of information, or trigger denial-of-service.

 

Affected Systems:

  • Intel® CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35
  • Intel® Server Platform Services before versions SPS_E3_05.00.04.027.0
  • Intel® Trusted Execution Engine before TXE 3.1.65, 4.0.15

 

Impact:

Successful exploitation of the vulnerabilities could lead to privilege escalation, information disclosure, or system crash on an affected system.

 

Recommendation:

Intel offers the INTEL-SA-00213 Discovery Tool to detect the presence of the vulnerabilities on a system. The Discovery Tool is available at the following URL:

https://downloadcenter.intel.com/download/28632/Intel-CSME-Detection-Tool

If the system is confirmed affected, system administrators are advised to check with the system OEM/computer manufacturer for the updated firmware and update the firmware to a non-vulnerable version.

Relevant advice/firmware updates of some computer manufacturers are listed below:

  • Dell
    https://www.dell.com/support/article/hk/zh/hkdhs1/sln317122/dsa-2019-072-dell-client-platform-security-update-for-intel-sa-00213-intel-sa-00223-and-intel-sa-00233?lang=en

  • HP
    https://support.hp.com/hk-en/document/c06330088

  • Lenovo
    https://datacentersupport.lenovo.com/us/en/products/servers/thinksystem/sr630/7x02/product_security/ps500246

  • Fujitsu (for CVE-2019-0153 only)
    http://www.fmworld.net/biz/common/intel/20190515/ (in Japanese)

The above list is not exhaustive and system administrators should consult product vendors to confirm whether the products are affected and if so, availability of patches and mitigation measures.

Users should always adopt and implement multi-layered defense (e.g. firewall,
anti-malware solution, etc.) to defend the potential attack vectors, either through network or malware, that are deployed to exploit the vulnerabilities.

 

More Information:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
https://www.hkcert.org/my_url/en/alert/19051505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0089 to (CVE-2019-0094)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0096 to (CVE-2019-0099)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0170

 



Tag:
Tags