CVE-2018-3643

8.2HIGH

Key Information:

Vendor
Intel
Status
Intel(r) Converged Security And Management Engine (csme) And Intel(r) Server Platform Services Firmware
Vendor
CVE Published:
12 September 2018

Summary

A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.

Affected Version(s)

Intel(R) Converged Security and Management Engine (CSME) and Intel(R) Server Platform Services firmware CSME versions before 12.0.6 or Server Platform Services firmware before version 4.x.04.

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180924-0002/
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.