Intel is warning of a high-severity flaw in the firmware of its converged security and management engine (CSME), which if exploited could allow privilege escalation, denial of service and information disclosure.
CSME powers Intel’s Active Management System hardware and firmware technology, used for remote out-of-band management in consumer or corporate PCs, Internet of Things (IoT) devices, and workstations.
The subsystem of CSME has an improper authentication bug (CVE-2019-14598), which has a CVSS score of 8.2 out of 10.0, making it high severity. A privileged user, with local access, could exploit the flaw to launch an array of attacks, according to Intel.
