===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2019.0148.2
        Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT
                            2019.1 QSR Advisory
                                2 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel CSME
                      Intel Server Platform Services
                      Intel Trusted Execution Engine
                      Intel Active Management Technology
                      Intel Dynamic Application Loader
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account
                      Increased Privileges            -- Existing Account
                      Denial of Service               -- Existing Account
                      Access Confidential Data        -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0170 CVE-2019-0153 CVE-2019-0099
                      CVE-2019-0098 CVE-2019-0097 CVE-2019-0096
                      CVE-2019-0094 CVE-2019-0093 CVE-2019-0092
                      CVE-2019-0091 CVE-2019-0090 CVE-2019-0089
                      CVE-2019-0086  
Member content until: Wednesday, July  3 2019

Revision History:     July  2 2019: Vendor updated Affected Products details
                      May  22 2019: Initial Release

OVERVIEW

        Intel has discovered vulnerabilities in the following products:
        
        	- Intel CSME
        	- Intel SPS
        	- Intel TXE
        	- Intel DAL
        	- Intel AMT
        
        These were published in the 2019.1 QSR Advisory [1].


IMPACT

        Intel has provided the following information regarding the
        vulnerabilities:
        
        "Intel ID:                 INTEL-SA-00213
        Advisory Category:        Firmware, Software
        Impact of vulnerability:  Escalation of Privilege, Denial of Service,
                                  Information Disclosure
        Severity rating:          HIGH
        Original release:         05/14/2019
        Last revised:             07/01/2019
        
        Summary:
        
        Multiple potential security vulnerabilities in Intel Converged Security &
        Management Engine (Intel CSME), Intel Server Platform Services (Intel SPS),
        Intel Trusted Execution Engine Interface (Intel TXE), Intel Dynamic Application
        Loader (Intel DAL), and Intel Active Management Technology (Intel AMT) may
        allow escalation of privilege, information disclosure, and/or denial of
        service. Intel is releasing Intel CSME, Intel SPS, Intel TXE, and Intel AMT
        updates to mitigate these potential vulnerabilities.
        
        Vulnerability Details:
        
        CVEID: CVE-2019-0089
        
        Description: Improper data sanitization vulnerability in subsystem in Intel(R)
        SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0,
        SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged
        user to potentially enable escalation of privilege via local access.
        
        CVSS Base Score: 8.1 High
        
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H
        
        CVEID: CVE-2019-0090
        
        Description: Insufficient access control vulnerability in subsystem for Intel
        (R) CSME before version 12.0.35, Intel(R) SPS before version
        SPS_E3_05.00.04.027.0 may allow unauthenticated user to potentially enable
        escalation of privilege via physical access.
        
        CVSS Base Score: 7.1 High
        
        CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
        
        CVEID: CVE-2019-0086
        
        Description: Insufficient access control vulnerability in Dynamic Application
        Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65,
        12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to
        potentially enable escalation of privilege via local access.
        
        CVSS Base Score: 7.8 High
        
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
        
        CVEID: CVE-2019-0091
        
        Description: Code injection vulnerability in installer for Intel(R) CSME before
        versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15
        may allow an unprivileged user to potentially enable escalation of privilege
        via local access.
        
        CVSS Base Score: 6.6 Medium
        
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
        
        CVEID: CVE-2019-0092
        
        Description: Insufficient input validation vulnerability in subsystem for Intel
        (R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an
        unauthenticated user to potentially enable escalation of privilege via physical
        access.
        
        CVSS Base Score: 6.8 Medium
        
        CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
        
        CVEID: CVE-2019-0093
        
        Description: Insufficient data sanitization vulnerability in HECI subsystem for
        Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R)
        SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to
        potentially enable information disclosure via local access.
        
        CVSS Base Score: 2.3 Low
        
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
        
        CVEID: CVE-2019-0094
        
        Description: Insufficient input validation vulnerability in subsystem for Intel
        (R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an
        unauthenticated user to potentially enable denial of service via adjacent
        network access.
        
        CVSS Base Score: 4.3 Medium
        
        CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
        
        CVEID: CVE-2019-0096
        
        Description: Out of bound write vulnerability in subsystem for Intel(R) AMT
        before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated
        user to potentially enable escalation of privilege via adjacent network access.
        
        CVSS Base Score: 6.7 Medium
        
        CVSS Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
        
        CVEID: CVE-2019-0097
        
        Description: Insufficient input validation vulnerability in subsystem for Intel
        (R) AMT before version 12.0.35 may allow a privileged user to potentially
        enable denial of service via network access.
        
        CVSS Base Score: 4.9 Medium
        
        CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
        
        CVEID: CVE-2019-0098
        
        Description: Logic bug vulnerability in subsystem for Intel(R) CSME before
        version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an
        unauthenticated user to potentially enable escalation of privilege via physical
        access.
        
        CVSS Base Score: 5.7 Medium
        
        CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
        
        CVEID: CVE-2019-0099
        
        Description: Insufficient access control vulnerability in subsystem in Intel(R)
        SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to
        potentially enable escalation of privilege via physical access.
        
        CVSS Base Score: 5.7 Medium
        
        CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
        
        CVEID: CVE-2019-0153
        
        Description: Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through
        12.0.34 may allow an unauthenticated user to potentially enable escalation of
        privilege via network access.
        
        CVSS Base Score: 9.0 Critical
        
        CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
        
        CVEID: CVE-2019-0170
        
        Description: Buffer overflow in subsystem in Intel(R) DAL before version
        12.0.35 may allow a privileged user to potentially enable escalation of
        privilege via local access.
        
        CVSS Base Score: 8.2 High
        
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
        
        Affected Products:
        
        Intel CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35
        
        +-----------------------------------------------------------------------------------------+
        |Intel CSME, Intel Active Management Technology, and Intel DAL                            |
        +--------------------------------------------+--------------------------------------------+
        |Updated Intel CSME Firmware Version         |Replaces Intel CSME Firmware Version        |
        +--------------------------------------------+--------------------------------------------+
        |11.8.65                                     |11.0 thru 11.8.60                           |
        +--------------------------------------------+--------------------------------------------+
        |11.11.65                                    |11.10 thru 11.11.60                         |
        +--------------------------------------------+--------------------------------------------+
        |11.22.65                                    |11.20 thru 11.22.60                         |
        +--------------------------------------------+--------------------------------------------+
        |12.0.35                                     |12.0 thru 12.0.20                           |
        +--------------------------------------------+--------------------------------------------+
        
        Intel Server Platform Services before versions SPS_E3_05.00.04.027.0
        
        +-----------------------------------------------------------------------------------------+
        |Intel Server Platform Services                                                           |
        +--------------------------------------------+--------------------------------------------+
        |Updated Intel Server Platform Services      |Replaces Intel Server Platform Services     |
        |Firmware Version                            |Firmware Version                            |
        +--------------------------------------------+--------------------------------------------+
        |SPS_E3_05.00.04.027.0,                      |SPS_E3_05.00.00.000.0 thru                  |
        |SPS_SoC-A_04.00.04.181.0 and                |SPS_E3_05.00.04.023.0                       |
        |SPS_SoC-X_04.00.04.086.0                    |                                            |
        +--------------------------------------------+--------------------------------------------+
        
        Intel Trusted Execution Engine before TXE 3.1.65, 4.0.15
        
        +-----------------------------------------------------------------------------------------+
        |Intel Trusted Execution Engine                                                           |
        +--------------------------------------------+--------------------------------------------+
        |Updated Intel Trusted Execution Engine      |Replaces Intel Trusted Execution Engine     |
        |Firmware Version                            |Firmware Version                            |
        +--------------------------------------------+--------------------------------------------+
        |3.1.65                                      |3.0 thru 3.1.50                             |
        +--------------------------------------------+--------------------------------------------+
        |4.0.15                                      |4.0 thru 4.0.5                              |
        +--------------------------------------------+--------------------------------------------+
        
        Note : Firmware versions of Intel ME 3.x thru 10.x, Intel TXE 1.x thru 2.x and
        Intel Server Platform Services 1.x thru 2.X are no longer supported, thus were
        not assessed for the vulnerabilities/CVEs listed in this Technical Advisory.
        There is no new release planned for these versions." [1]


MITIGATION

        Intel recommends:
        
        "Intel recommends that users of Intel CSME, Intel SPS, Intel TXE, Intel DAL, and
        Intel AMT update to the latest version provided by the system manufacturer that
        addresses these issues."
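
        The following is an added example, not part of the AusCERT bulletin or
        Intel's advisory: it triages inventoried Intel CSME and Intel TXE
        firmware versions against the fixed versions listed above. The function
        names, status labels, the optional fourth (build) version component and
        the inventory rows are assumptions; Intel SPS versions are not covered.

```python
import re

# Fixed versions from the bulletin's "Updated ... / Replaces ..." tables.
# (product, major) -> [(lowest minor, highest minor, fixed version), ...]
BRANCHES = {
    ("CSME", 11): [(0, 8, (11, 8, 65)), (10, 11, (11, 11, 65)),
                   (20, 22, (11, 22, 65))],
    ("CSME", 12): [(0, 0, (12, 0, 35))],
    ("TXE", 3): [(0, 1, (3, 1, 65))],
    ("TXE", 4): [(0, 0, (4, 0, 15))],
}
# Majors the bulletin lists as unsupported and not assessed
# (Intel ME 3.x thru 10.x is filed under "CSME" here; Intel TXE 1.x thru 2.x).
NOT_ASSESSED = {"CSME": range(3, 11), "TXE": range(1, 3)}


def parse_version(text):
    """Return (major, minor, hotfix) from 'a.b.c' or 'a.b.c.build'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.\d+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g) for g in m.groups())


def triage(product, version_text):
    """Classify one version; returns (status, fixed version or None)."""
    ver = parse_version(version_text)
    major, minor, _ = ver
    if major in NOT_ASSESSED.get(product, ()):
        return ("not-assessed", None)      # no fix planned per the bulletin
    for low, high, fixed in BRANCHES.get((product, major), []):
        if low <= minor <= high:
            status = "fixed" if ver >= fixed else "update-required"
            return (status, ".".join(map(str, fixed)))
    return ("unknown-branch", None)        # not in the bulletin's tables


# Constructed sample inventory: (host, product, reported firmware version).
INVENTORY = [
    ("ws-014", "CSME", "11.8.50.3425"),
    ("ws-022", "CSME", "12.0.34.1400"),    # above 12.0.20 but still < 12.0.35
    ("ws-031", "CSME", "12.0.35.1427"),
    ("kiosk-3", "TXE", "4.0.5.1280"),
    ("old-pc", "CSME", "10.0.30.1054"),
]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(host, product, version, *triage(product, version))
```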


REFERENCES

        [1] Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT 2019.1
            QSR Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================