CVE-2018-12208

Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
intelCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
intelconverged_security_management_engine_firmware
11.0 ≤
𝑥
< 11.8.60
intelconverged_security_management_engine_firmware
11.10 ≤
𝑥
< 11.11.60
intelconverged_security_management_engine_firmware
11.20 ≤
𝑥
< 11.22.60
intelconverged_security_management_engine_firmware
12.0.0 ≤
𝑥
< 12.0.20
intelserver_platform_services_firmware
𝑥
< 5.00.04.012
inteltrusted_execution_engine_firmware
3.0 ≤
𝑥
< 3.1.60
inteltrusted_execution_engine_firmware
4.0 ≤
𝑥
< 4.0.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.netapp.com/advisory/ntap-20190318-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03914en_us
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
https://security.netapp.com/advisory/ntap-20190318-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03914en_us
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html