CVE-2018-12191

Published: Mar 14, 2019Modified: Nov 21, 2024

7.6

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 6.0

Source: NVD

Description

Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

Affected (8)

Products: Intel: Converged Security Management Engine Firmware, Server Platform Services Firmware, Trusted Execution Engine Firmware

Intel

3 products

Converged Security Management Engine Firmware

Server Platform Services Firmware

Trusted Execution Engine Firmware

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Intel Converged Security Management Engine Firmware	From 11.0 to 11.8.60
Intel Converged Security Management Engine Firmware	From 11.10 to 11.11.60
Intel Converged Security Management Engine Firmware	From 11.20 to 11.22.60
Intel Converged Security Management Engine Firmware	From 12.0.0 to 12.0.20
Intel Server Platform Services Firmware	From 4.00.04.367 to 4.00.04.383
Intel Server Platform Services Firmware	From 4.01.00.152.0 to 4.01.02.174
Intel Trusted Execution Engine Firmware	From 3.0 to 3.1.60
Intel Trusted Execution Engine Firmware	From 4.0 to 4.0.10