Power Management Firmware Vulnerability in Intel Converged Security and Management Engine
CVE-2018-3643

8.2HIGH

Key Information:

Vendor
Intel
Status
Intel(r) Converged Security And Management Engine (csme) And Intel(r) Server Platform Services Firmware
Vendor
CVE Published:
12 September 2018

Summary

A vulnerability exists in the Power Management Controller firmware associated with specific versions of Intel's Converged Security and Management Engine (CSME) and Server Platform Services. An attacker with administrative access may exploit this vulnerability to reveal sensitive platform secrets or potentially execute arbitrary code on the target system. This issue highlights the need for timely firmware updates to mitigate risks associated with unauthorized access and ensure system integrity.

Affected Version(s)

Intel(R) Converged Security and Management Engine (CSME) and Intel(R) Server Platform Services firmware CSME versions before 12.0.6 or Server Platform Services firmware before version 4.x.04.

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180924-0002/
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.