CVE-2013-5740

Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, and C206 chipsets and Mobile Intel QM67 and QS67 chipsets, when the measured launch environment (MLE) is invoked, allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://support.citrix.com/article/CTX138633
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00035&languageid=en-fr	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:intel:qs77_chipset:-::::express:::
	cpe:2.3:h:intel:mobile_intel_qs67_chipset:-:::::::*
	cpe:2.3:h:intel:qm77_chipset:-:::::::*
	cpe:2.3:h:intel:qs77_chipset:-:::::::*
	cpe:2.3:h:intel:c206_chipset:-:::::::*
	cpe:2.3:h:intel:q67_express_chipset:-:::::::*
	cpe:2.3:h:intel:mobile_intel_qm67_chipset:-:::::::*
	cpe:2.3:h:intel:c216_chipset:-:::::::*
	cpe:2.3:h:intel:c202_chipset:-:::::::*
	cpe:2.3:o:intel:trusted_execution_technology_sinit_authenticated_code_module::::::::
	cpe:2.3:h:intel:c204_chipset:-:::::::*

Information

Published : 2013-09-12 11:37

Updated : 2014-07-11 08:31

NVD link : CVE-2013-5740

Mitre link : CVE-2013-5740

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

intel

trusted_execution_technology_sinit_authenticated_code_module
c206_chipset
c204_chipset
c202_chipset
qs77_chipset
mobile_intel_qm67_chipset
c216_chipset
mobile_intel_qs67_chipset
qm77_chipset
q67_express_chipset

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.citrix.com/article/CTX138633", "name": "http://support.citrix.com/article/CTX138633", "tags": [], "refsource": "CONFIRM"}, {"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00035&languageid=en-fr", "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00035&languageid=en-fr", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, and C206 chipsets and Mobile Intel QM67 and QS67 chipsets, when the measured launch environment (MLE) is invoked, allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-5740", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-09-12T18:37Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:intel:qs77_chipset:-:*:*:*:express:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:mobile_intel_qs67_chipset:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:qm77_chipset:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:qs77_chipset:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:c206_chipset:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:q67_express_chipset:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:mobile_intel_qm67_chipset:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:c216_chipset:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:intel:c202_chipset:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:intel:trusted_execution_technology_sinit_authenticated_code_module:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.1"}, {"cpe23Uri": "cpe:2.3:h:intel:c204_chipset:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-07-11T15:31Z"}