CVE-2018-3643
HIGHIntel CSME <11.8.55-12.0.6, Intel Server Platform Services <4.x.04 ...
Title source: llmDescription
A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html
Patch, Third Party Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180924-0002/
Scores
CVSS v3
8.2
EPSS
0.0016
EPSS Percentile
36.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
Status
published
Products (2)
intel/converged_security_management_engine_firmware
< 12.0.6
intel/server_platform_services_firmware
< 4.00.04
Published
Sep 12, 2018
Tracked Since
Feb 18, 2026