CVE-2018-12185
MEDIUMIntel CSME Firmware < 11.8.60 - Unauthenticated Remote Code Execution via Physical Access
Title source: llmDescription
Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190318-0001/
Scores
CVSS v3
6.8
EPSS
0.0015
EPSS Percentile
35.4%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
intel/converged_security_management_engine_firmware
11.0 - 11.8.60
Published
Mar 14, 2019
Tracked Since
Feb 18, 2026