CVE-2018-3655

EUVD-2018-15509
A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
intelconverged_security_management_engine_firmware
11.0 ≤
𝑥
≤ 11.8.50
intelconverged_security_management_engine_firmware
11.10 ≤
𝑥
≤ 11.11.50
intelconverged_security_management_engine_firmware
11.20 ≤
𝑥
≤ 11.21.51
intelserver_platform_services_firmware
𝑥
< 4.0
inteltrusted_execution_engine_firmware
3.0 ≤
𝑥
≤ 3.1.50
𝑥
= Vulnerable software versions
References
https://security.netapp.com/advisory/ntap-20180924-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html
https://security.netapp.com/advisory/ntap-20180924-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html