Logic Bug in Intel CSME and Server Platform Services Leading to MEBx Authentication Bypass
CVE-2018-12192
Key Information:
- Vendor
- Intel
- Vendor
- CVE Published:
- 14 March 2019
Summary
A logic bug was identified in the Kernel subsystem of Intel CSME and Intel Server Platform Services that may allow an unauthenticated user to bypass MEBx authentication. This vulnerability requires physical access to exploit, making it imperative for organizations to implement physical security measures. Affected versions include Intel CSME versions prior to 11.8.60, 11.11.60, 11.22.60, and 12.0.20, as well as Intel Server Platform Services versions prior to SPS_E5_04.00.04.393.0. Organizations are advised to apply the necessary updates to protect their infrastructure from potential exploitation.
Affected Version(s)
Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology Multiple versions.
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved