CVE-2018-3627

Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
intelconverged_security_management_engine_firmware
11.0
intelconverged_security_management_engine_firmware
11.0
intelconverged_security_management_engine_firmware
11.0
intelconverged_security_management_engine_firmware
11.0
intelconverged_security_management_engine_firmware
11.0
intelconverged_security_management_engine_firmware
11.0
netappelement_software_management_node
-
𝑥
= Vulnerable software versions
References
https://security.netapp.com/advisory/ntap-20190327-0006/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.html
https://security.netapp.com/advisory/ntap-20190327-0006/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.html