CVE-2018-3659

MEDIUM

Intel PTT/CSME <12.0.5/<4.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180924-0003/

Scores

CVSS v3 6.8
EPSS 0.0042
EPSS Percentile 34.3%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
intel/converged_security_management_engine_firmware < 12.0.5
intel/trusted_execution_engine_firmware < 4.0
Published Sep 12, 2018
Tracked Since Feb 18, 2026