Subsystem Vulnerability in Intel CSME, Server Platform Services, and Trusted Execution Engine Firmware
CVE-2018-3655

7.3HIGH

Key Information:

Vendor

Intel
Status
Intel(r) Csme Before Version 11.21.55, Intel(r) Server Platform Services Before Version 4.0 And Intel(r) Trusted Execution Engine Firmware
Vendor
CVE Published:
12 September 2018

What is CVE-2018-3655?

A vulnerability exists in the Intel subsystem affecting versions of Intel CSME, Server Platform Services, and Trusted Execution Engine Firmware prior to specified updates. This flaw could enable an unauthenticated individual with physical access to potentially modify or disclose sensitive information, raising significant security concerns for affected systems.

Affected Version(s)

Intel(R) CSME before version 11.21.55, Intel(R) Server Platform Services before version 4.0 and Intel(R) Trusted Execution Engine Firmware Versions before 11.21.55, 4.0 and 3.1.55.

References

https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180924-0003/
x_refsource_CONFIRM

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-3655 : Subsystem Vulnerability in Intel CSME, Server Platform Services, and Trusted Execution Engine Firmware