CVE-2018-12189

Published: Mar 14, 2019Modified: Nov 21, 2024

4.4

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access.

Affected (6)

Products: Intel: Converged Security Management Engine Firmware, Trusted Execution Engine Firmware

Intel

2 products

Converged Security Management Engine Firmware

Trusted Execution Engine Firmware

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Intel Converged Security Management Engine Firmware	From 11.0 to 11.8.60
Intel Converged Security Management Engine Firmware	From 11.10 to 11.11.60
Intel Converged Security Management Engine Firmware	From 11.20 to 11.22.60
Intel Converged Security Management Engine Firmware	From 12.0.0 to 12.0.20
Intel Trusted Execution Engine Firmware	From 3.0 to 3.1.60
Intel Trusted Execution Engine Firmware	From 4.0 to 4.0.10

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (4)

https://security.netapp.com/advisory/ntap-20190318-0001/

Source: secure@intel.com

https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html

Source: secure@intel.com

Vendor Advisory

https://security.netapp.com/advisory/ntap-20190318-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.