Subsystem Vulnerability in Intel CSME, Server Platform Services, and Trusted Execution Engine Firmware
CVE-2018-3655
7.3HIGH
Key Information:
- Vendor
- Intel
- Vendor
- CVE Published:
- 12 September 2018
Summary
A vulnerability exists in the Intel subsystem affecting versions of Intel CSME, Server Platform Services, and Trusted Execution Engine Firmware prior to specified updates. This flaw could enable an unauthenticated individual with physical access to potentially modify or disclose sensitive information, raising significant security concerns for affected systems.
Affected Version(s)
Intel(R) CSME before version 11.21.55, Intel(R) Server Platform Services before version 4.0 and Intel(R) Trusted Execution Engine Firmware Versions before 11.21.55, 4.0 and 3.1.55.
References
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved