CVE-2018-12191
HIGH
Intel CSME Firmware < 11.8.60 - Unauthenticated RCE via Physical Access
Title source: llm
Description
Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190318-0001/
Third Party Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03914en_us
Scores
CVSS v3
7.6
EPSS
0.0023
EPSS Percentile
45.7%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (3)
intel/converged_security_management_engine_firmware
11.0 - 11.8.60
intel/server_platform_services_firmware
4.00.04.367 - 4.00.04.383
intel/trusted_execution_engine_firmware
3.0 - 3.1.60
Published
Mar 14, 2019
Tracked Since
Feb 18, 2026