CVE-2018-12188
MEDIUMIntel CSME <11.8.60, 11.11.60, 11.22.60, 12.0.20 - Info Disclosure
Title source: llmDescription
Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190318-0001/
Scores
CVSS v3
4.6
EPSS
0.0011
EPSS Percentile
29.0%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (2)
intel/converged_security_management_engine_firmware
11.0 - 11.8.60
intel/trusted_execution_engine_firmware
3.0 - 3.1.60
Published
Mar 14, 2019
Tracked Since
Feb 18, 2026