CVE-2018-12189
MEDIUMIntel Converged Security Management Engine Firmware < 11.8.60 - Improper Condition Check
Title source: ruleDescription
Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190318-0001/
Scores
CVSS v3
4.4
EPSS
0.0012
EPSS Percentile
30.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-754
Status
published
Products (2)
intel/converged_security_management_engine_firmware
11.0 - 11.8.60
intel/trusted_execution_engine_firmware
3.0 - 3.1.60
Published
Mar 14, 2019
Tracked Since
Feb 18, 2026