CVE-2019-0099
Description
Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Insufficient access control in Intel Server Platform Services (SPS) firmware allows an unauthenticated attacker with physical access to escalate privileges.
Vulnerability
An insufficient access control vulnerability exists in the Intel Server Platform Services (SPS) subsystem firmware. Affected versions are those before SPS_E3_05.00.04.027.0 [1]. The vulnerability is reachable via physical access to the system, requiring no prior authentication or user interaction.
Exploitation
An attacker with physical access to the target system can exploit the insufficient access control to bypass security checks. No authentication is required. The exact exploitation steps are not publicly detailed, but the attack vector is physical access [1].
Impact
Successful exploitation allows an unauthenticated attacker to escalate privileges. This can lead to full compromise of the system's confidentiality, integrity, and availability, as the attacker gains elevated privileges beyond their initial physical access [1].
Mitigation
Intel has released a firmware update to address this issue. The fixed version is SPS_E3_05.00.04.027.0 [1]. Users should update their SPS firmware to this version or later. No workarounds are available. This CVE is not listed on the Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Intel/SPSdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- support.f5.com/csp/article/K30105730mitrex_refsource_CONFIRM
- www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.