Description
A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180924-0003/
Vendor Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html
Patch, Third Party Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us
Scores
CVSS v3
7.3
EPSS
0.0017
EPSS Percentile
38.3%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Details
Status
published
Products (3)
intel/converged_security_management_engine_firmware
11.0 - 11.8.50
intel/server_platform_services_firmware
< 4.0
intel/trusted_execution_engine_firmware
3.0 - 3.1.50
Published
Sep 12, 2018
Tracked Since
Feb 18, 2026