Insufficient Input Validation in Intel CSME and TXE Subsystems
CVE-2018-12190

6.7MEDIUM

Key Information:

Vendor
Intel
Status
Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology
Vendor
CVE Published:
14 March 2019

Summary

The vulnerability stems from insufficient input validation in the Intel CSME and TXE subsystems, potentially allowing a privileged user to escalate their privileges through local access. This could lead to unauthorized access and manipulation of system controls, posing a risk to the integrity of the device. Users and organizations using affected versions should prioritize updating their systems to mitigate this risk.

Affected Version(s)

Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology Multiple versions.

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190318-0001/
x_refsource_CONFIRM

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.