← Back

CVE-2018-12147

nvd nist
Published: Jun 13, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.

Affected (5)

Intel
3 products
Converged Security Management Engine Firmware
Server Platform Services Firmware
Trusted Execution Engine Firmware
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Intel
Converged Security Management Engine Firmware
From 11.0 to 11.8.50
Converged Security Management Engine Firmware
From 11.10 to 11.11.50
Converged Security Management Engine Firmware
From 11.20 to 11.21.51
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Server Platform Services Firmware
Before 4.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Trusted Execution Engine Firmware
From 3.0 to 3.1.50

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (3)

Source: secure@intel.com
Source: nvd@nist.gov
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.