Description
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180924-0003/
Scores
CVSS v3
6.8
EPSS
0.0054
EPSS Percentile
67.7%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (2)
intel/converged_security_management_engine_firmware
< 12.0.5
intel/trusted_execution_engine_firmware
< 4.0
Published
Sep 12, 2018
Tracked Since
Feb 18, 2026