PT-2018-1600 · Intel · Intel Trusted Execution Engine Firmware+2

Mark Ermolov

Publicado

2018-09-11

Atualizado

2019-10-03

CVE-2018-3655

CVSS v3.1

7.3

Alta

Vetor

AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Intel CSME versions prior to 11.21.55 Intel Server Platform Services versions prior to 4.0 Intel Trusted Execution Engine Firmware versions prior to 3.1.55

Description A vulnerability in Intel CSME, Intel Server Platform Services, and Intel Trusted Execution Engine Firmware may allow an unauthenticated user to potentially modify or disclose information via physical access. The issue is caused by privilege management errors.

Recommendations For Intel CSME versions prior to 11.21.55, update to version 11.21.55 or later. For Intel Server Platform Services versions prior to 4.0, update to version 4.0 or later. For Intel Trusted Execution Engine Firmware versions prior to 3.1.55, update to version 3.1.55 or later.

Correção

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

BDU:2018-01157

CVE-2018-3655

Produtos afetados

Intel Csme

Intel Server Platform Services

Intel Trusted Execution Engine Firmware

PT-2018-1600 · Intel · Intel Trusted Execution Engine Firmware+2

CVE-2018-3655

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7