{"api_version":"1","generated_at":"2026-04-21T08:55:04+00:00","cve":"CVE-2019-0086","urls":{"html":"https://cve.report/CVE-2019-0086","api":"https://cve.report/api/cve/CVE-2019-0086.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-0086","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-0086"},"summary":{"title":"CVE-2019-0086","description":"Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.","state":"PUBLIC","assigner":"secure@intel.com","published_at":"2019-05-17 16:29:00","updated_at":"2020-08-24 17:37:00"},"problem_types":["CWE-59","CWE-732"],"metrics":[],"references":[{"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html","name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html","refsource":"MISC","tags":["Vendor Advisory"],"title":"INTEL-SA-00213","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.f5.com/csp/article/K35815741","name":"https://support.f5.com/csp/article/K35815741","refsource":"CONFIRM","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://danishcyberdefence.dk/blog/dal","name":"https://danishcyberdefence.dk/blog/dal","refsource":"MISC","tags":[],"title":"Danish Cyber Defence","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-0086","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0086","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"86","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"86","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"86","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"trusted_execution_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"86","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"trusted_execution_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"86","vulnerable":"1","versionEndIncluding":"4.0.15","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"trusted_execution_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-0086","ASSIGNER":"secure@intel.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Intel(R) Converged Security & Management Engine (CSME) Dynamic Application Loader, Intel (R) Trusted Execution Engine Interface (TXE)","version":{"version_data":[{"version_value":"Versions before CSME 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15."}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Escalation of Privilege"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html"},{"refsource":"CONFIRM","name":"https://support.f5.com/csp/article/K35815741","url":"https://support.f5.com/csp/article/K35815741"},{"refsource":"MISC","name":"https://danishcyberdefence.dk/blog/dal","url":"https://danishcyberdefence.dk/blog/dal"}]},"description":{"description_data":[{"lang":"eng","value":"Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access."}]}},"nvd":{"publishedDate":"2019-05-17 16:29:00","lastModifiedDate":"2020-08-24 17:37:00","problem_types":["CWE-59","CWE-732"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.8.65","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.10","versionEndExcluding":"11.11.65","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.20","versionEndExcluding":"11.22.65","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0","versionEndExcluding":"12.0.35","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"3.1.65","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndIncluding":"4.0.15","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"86","Ordinal":"136177","Title":"CVE-2019-0086","CVE":"CVE-2019-0086","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"86","Ordinal":"1","NoteData":"Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"86","Ordinal":"2","NoteData":"2019-05-17","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"86","Ordinal":"3","NoteData":"2020-01-23","Type":"Other","Title":"Modified"}]}}}