Daffodil International University
Faculty of Science and Information Technology => Recent Technologies and Trends in Software Engineering => Software Engineering => Cyber and Software Security => Topic started by: maruf.swe on February 22, 2020, 01:33:38 AM
-
(https://media.threatpost.com/wp-content/uploads/sites/103/2017/05/06225031/protsessor-Intel.png)
The high-severity vulnerability could enable denial of service, privilege escalation and information disclosure.
Intel is warning of a high-severity flaw in the firmware of its converged security and management engine (CSME), which if exploited could allow privilege escalation, denial of service and information disclosure.
CSME powers Intel’s Active Management System hardware and firmware technology, used for remote out-of-band management in consumer or corporate PCs, Internet of Things (IoT) devices, and workstations.
The subsystem of CSME has an improper authentication bug (CVE-2019-14598), which has a CVSS score of 8.2 out of 10.0, making it high severity. A privileged user, with local access, could exploit the flaw to launch an array of attacks, according to Intel.
For More Details : https://threatpost.com/intel-patches-high-severity-flaw-in-security-engine/152794/ (https://threatpost.com/intel-patches-high-severity-flaw-in-security-engine/152794/)