CVE-2018-12147

EUVD-2018-4125
Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, IntelĀ® Server Platform Services before version 4.0 and IntelĀ® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
intelconverged_security_management_engine_firmware
11.0 ≤
𝑥
≤ 11.8.50
intelconverged_security_management_engine_firmware
11.10 ≤
𝑥
≤ 11.11.50
intelconverged_security_management_engine_firmware
11.20 ≤
𝑥
≤ 11.21.51
intelserver_platform_services_firmware
𝑥
< 4.0
inteltrusted_execution_engine_firmware
3.0 ≤
𝑥
≤ 3.1.50
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html?wapkw=2018-12147
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html