CVE-2018-3655

7.3HIGH

Key Information:

Vendor
Intel
Status
Intel(r) Csme Before Version 11.21.55, Intel(r) Server Platform Services Before Version 4.0 And Intel(r) Trusted Execution Engine Firmware
Vendor
CVE Published:
12 September 2018

Summary

A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.

Affected Version(s)

Intel(R) CSME before version 11.21.55, Intel(R) Server Platform Services before version 4.0 and Intel(R) Trusted Execution Engine Firmware Versions before 11.21.55, 4.0 and 3.1.55.

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180924-0003/
x_refsource_CONFIRM

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.