Buffer Overflow Vulnerability in Intel CSME and TXE Products
CVE-2018-12208

7.6HIGH

Summary

The vulnerability involves a buffer overflow in the HECI subsystem of Intel's CSME, allowing an unauthenticated user with physical access to potentially execute arbitrary code. This issue affects multiple versions of Intel CSME, TXE, and Server Platform Services, making it crucial for users to update to the latest versions to mitigate this risk. For detailed information and updates, refer to Intel's security advisory and other resources provided.

Affected Version(s)

Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology Multiple versions.

References

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.