Buffer Overflow Vulnerability in Intel CSME and TXE Products
CVE-2018-12208

7.6HIGH

Key Information:

Vendor
Intel
Status
Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology
Vendor
CVE Published:
14 March 2019

Summary

The vulnerability involves a buffer overflow in the HECI subsystem of Intel's CSME, allowing an unauthenticated user with physical access to potentially execute arbitrary code. This issue affects multiple versions of Intel CSME, TXE, and Server Platform Services, making it crucial for users to update to the latest versions to mitigate this risk. For detailed information and updates, refer to Intel's security advisory and other resources provided.

Affected Version(s)

Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology Multiple versions.

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190318-0001/
x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.