CVE-2018-12191

Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
intelCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
intelconverged_security_management_engine_firmware
11.0 ≤
𝑥
< 11.8.60
intelconverged_security_management_engine_firmware
11.10 ≤
𝑥
< 11.11.60
intelconverged_security_management_engine_firmware
11.20 ≤
𝑥
< 11.22.60
intelconverged_security_management_engine_firmware
12.0.0 ≤
𝑥
< 12.0.20
intelserver_platform_services_firmware
4.00.04.367 ≤
𝑥
< 4.00.04.383
intelserver_platform_services_firmware
4.01.00.152.0 ≤
𝑥
< 4.01.02.174
inteltrusted_execution_engine_firmware
3.0 ≤
𝑥
< 3.1.60
inteltrusted_execution_engine_firmware
4.0 ≤
𝑥
< 4.0.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.netapp.com/advisory/ntap-20190318-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03914en_us
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
https://security.netapp.com/advisory/ntap-20190318-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03914en_us
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html