Logic Bug in Intel CSME and Server Platform Services Leading to MEBx Authentication Bypass
CVE-2018-12192

6.8MEDIUM

Key Information:

Vendor
Intel
Status
Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology
Vendor
CVE Published:
14 March 2019

Summary

A logic bug was identified in the Kernel subsystem of Intel CSME and Intel Server Platform Services that may allow an unauthenticated user to bypass MEBx authentication. This vulnerability requires physical access to exploit, making it imperative for organizations to implement physical security measures. Affected versions include Intel CSME versions prior to 11.8.60, 11.11.60, 11.22.60, and 12.0.20, as well as Intel Server Platform Services versions prior to SPS_E5_04.00.04.393.0. Organizations are advised to apply the necessary updates to protect their infrastructure from potential exploitation.

Affected Version(s)

Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology Multiple versions.

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190318-0001/
x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.