Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0148.2 Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT 2019.1 QSR Advisory 2 July 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel CSME Intel Server Platform Services Intel Trusted Execution Engine Intel Active Management Technology Intel Dynamic Application Loader Operating System: UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Increased Privileges -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-0170 CVE-2019-0153 CVE-2019-0099 CVE-2019-0098 CVE-2019-0097 CVE-2019-0096 CVE-2019-0094 CVE-2019-0093 CVE-2019-0092 CVE-2019-0091 CVE-2019-0090 CVE-2019-0089 CVE-2019-0086 Member content until: Wednesday, July 3 2019 Revision History: July 2 2019: Vendor updated Affected Products details May 22 2019: Initial Release OVERVIEW Intel has discovered vulnerabilities in the following products: - Intel CSME - Intel SPS - Intel TXE - Intel DAL - Intel AMT published in 2019.1 QSR Advisory [1] IMPACT Intel has provided the folllowing information regarding the vulnerabilities: "Intel ID: INTEL-SA-00213 Advisory Category: Firmware, Software Impact of Escalation of Privilege, Denial of Service, Information vulnerability : Disclosure Severity rating : HIGH Original release: 05/14/2019 Last revised: 07/01/2019 Summary: Multiple potential security vulnerabilities in Intel Converged Security & Management Engine (Intel CSME), Intel Server Platform Services (Intel SPS), Intel Trusted Execution Engine Interface (Intel TXE), Intel Dynamic Application Loader (Intel DAL), and Intel Active Management Technology (Intel AMT) may allow escalation of privilege, information disclosure, and/or denial of service. Intel is releasing Intel CSME, Intel SPS, Intel TXE, and Intel AMT updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2019-0089 Description: Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access. CVSS Base Score: 8.1 High CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H CVEID: CVE-2019-0090 Description: Insufficient access control vulnerability in subsystem for Intel (R) CSME before version 12.0.35, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow unauthenticated user to potentially enable escalation of privilege via physical access. CVSS Base Score: 7.1 High CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVEID: CVE-2019-0086 Description: Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. CVSS Base Score: 7.8 High CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVEID: CVE-2019-0091 Description: Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. CVSS Base Score: 6.6 Medium CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H CVEID: CVE-2019-0092 Description: Insufficient input validation vulnerability in subsystem for Intel (R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVSS Base Score: 6.8 Medium CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVEID: CVE-2019-0093 Description: Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access. CVSS Base Score: 2.3 Low CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVEID: CVE-2019-0094 Description: Insufficient input validation vulnerability in subsystem for Intel (R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access. CVSS Base Score: 4.3 Medium CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVEID: CVE-2019-0096 Description: Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access. CVSS Base Score: 6.7 Medium CVSS Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H CVEID: CVE-2019-0097 Description: Insufficient input validation vulnerability in subsystem for Intel (R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access. CVSS Base Score: 4.9 Medium CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVEID: CVE-2019-0098 Description: Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVSS Base Score: 5.7 Medium CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVEID: CVE-2019-0099 Description: Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. CVSS Base Score: 5.7 Medium CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVEID: CVE-2019-0153 Description: Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34may allow an unauthenticated user to potentially enable escalation of privilege via network access. CVSS Base Score: 9.0 Critical CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVEID: CVE-2019-0170 Description: Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access. CVSS Base Score: 8.2 High CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: Intel CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 +-----------------------------------------------------------------------------------------+ |Intel CSME, Intel Active Management Technology, and Intel DAL | +--------------------------------------------+--------------------------------------------+ |Updated Intel CSME Firmware Version |Replaces Intel CSME Firmware Version | +--------------------------------------------+--------------------------------------------+ |11.8.65 |11.0 thru 11.8.60 | +--------------------------------------------+--------------------------------------------+ |11.11.65 |11.10 thru 11.11.60 | +--------------------------------------------+--------------------------------------------+ |11.22.65 |11.20 thru 11.22.60 | +--------------------------------------------+--------------------------------------------+ |12.0.35 |12.0 thru 12.0.20 | +--------------------------------------------+--------------------------------------------+ Intel Server Platform Services before versions SPS_E3_05.00.04.027.0 +-----------------------------------------------------------------------------------------+ |Intel Server Platform Services | +--------------------------------------------+--------------------------------------------+ |Updated Intel Server Platform Services |Replaces Intel Server Platform Services | |Firmware Version |Firmware Version | +--------------------------------------------+--------------------------------------------+ |SPS_E3_05.00.04.027.0, |SPS_E3_05.00.00.000.0 thru | |SPS_SoC-A_04.00.04.181.0 and |SPS_E3_05.00.04.023.0 | |SPS_SoC-X_04.00.04.086.0 | | +--------------------------------------------+--------------------------------------------+ Intel Trusted Execution Engine before TXE 3.1.65, 4.0.15 +-----------------------------------------------------------------------------------------+ |Intel Trusted Execution Engine | +--------------------------------------------+--------------------------------------------+ |Updated Intel Trusted Execution Engine |Replaces Intel Trusted Execution Engine | |Firmware Version |Firmware Version | +--------------------------------------------+--------------------------------------------+ |3.1.65 |3.0 thru 3.1.50 | +--------------------------------------------+--------------------------------------------+ |4.0.15 |4.0 thru 4.0.5 | +--------------------------------------------+--------------------------------------------+ Note : Firmware versions of Intel ME 3.x thru 10.x, Intel TXE 1.x thru 2.x and Intel Server Platform Services 1.x thru 2.X are no longer supported, thus were not assessed for the vulnerabilities/CVEs listed in this Technical Advisory. There is no new release planned for these versions." [1] MITIGATION Intel recommends: "Intel recommends that users of Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT update to the latest version provided by the system manufacturer that addresses these issues." REFERENCES [1] Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT 2019.1 QSR Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXRr0AWaOgq3Tt24GAQgaRw//XVwIMq8Zn6ieVrcesSyPcbeeWHfwl1RF tZa865xB3p4FVmFgTrRxUCqKOTkl3F39ImbRuRv5J2SsW9ULnro/hI/KuWTZdki6 hjXFVgRqwdY4FAtK9Hy8Sy0Fg1sQtbfppghG0xZXIrPXxXlcyLwxACdPGiOyUZbk xmSy5pHKt3t4lakKVPF7rKl+ulh0oivLbhAxBg8FTxe8skQKWFUwaTcW1TCmETVo 9qMcDFtzyJT2wu2IV468Mlj4bhqQWbQeGar8s2DLMVfen8Kz8azVzLJMuBP2JSQA HBGY/NWidBLzq/ABYfrIqiP1cC5mpc53Ft2Eq1n+THPdZsWlqJ963rvo6cVXkuvH oC4XPj24aX7UwimHiTLbEDDiZ9FQF9x9Bw97nAhLZBsZA+XLjPTT93COdGQNaijz rFQ73LRAdukEnfYZxNVJ9a5aLl0NbAjXCDkgsvNzbmfZEl9h0nHji30DJuge/piT fnE2mpf1DJJx+VMUverwy9w083OpKaiZGwjZRaw9BfWALAGPpLOniBZjox+qD77w +BmTeHK81m1pi1aZxJQm0UpstX3A0NpRfwPGdRm5MXnPGaBIbsWZLXkgJCXrVAoC oIU5ugEj6dUL+FiCNB1jF90d9Z49P44MYWbiCkUQ8I4jxZaNSMCeu9PCTP2VudOK MIoVPQbxXR4= =r3Oc -----END PGP SIGNATURE-----