Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-12191

Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

Published

2019-03-14T20:29:00.460

Last Modified

2024-11-21T03:44:43.640

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System intel converged_security_management_engine_firmware < 11.8.60 Yes
Operating System intel converged_security_management_engine_firmware < 11.11.60 Yes
Operating System intel converged_security_management_engine_firmware < 11.22.60 Yes
Operating System intel converged_security_management_engine_firmware < 12.0.20 Yes
Operating System intel server_platform_services_firmware < 4.00.04.383 Yes
Operating System intel server_platform_services_firmware < 4.01.02.174 Yes
Operating System intel trusted_execution_engine_firmware < 3.1.60 Yes
Operating System intel trusted_execution_engine_firmware < 4.0.10 Yes
References