CVE-2018-12208

HIGH

Intel CSME <11.8.60-12.0.20 & TXE <3.1.60-4.0.10 - RCE

Title source: llm

Description

Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html

Vendor Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20190318-0001/

Vendor Advisory x_refsource_confirm

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03914en_us

Scores

CVSS v3 7.6

EPSS 0.0029

EPSS Percentile 52.7%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (3)

intel/converged_security_management_engine_firmware 11.0 - 11.8.60

intel/server_platform_services_firmware < 5.00.04.012

intel/trusted_execution_engine_firmware 3.0 - 3.1.60

Published Mar 14, 2019

Tracked Since Feb 18, 2026