PT-2018-16108 · Intel · Intel Server Platform Services+2

Publicado

2018-09-12

·

Atualizado

2020-10-30

·

CVE-2018-3643

CVSS v3.1

8.2

Alta

VetorAV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Intel(R) Converged Security and Management Engine (CSME) versions prior to 11.8.55 Intel(R) Converged Security and Management Engine (CSME) versions prior to 11.11.55 Intel(R) Converged Security and Management Engine (CSME) versions prior to 11.21.55 Intel(R) Converged Security and Management Engine (CSME) versions prior to 12.0.6 Intel(R) Server Platform Services firmware versions prior to 4.x.04
Description A vulnerability in Power Management Controller firmware may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.
Recommendations For Intel(R) Converged Security and Management Engine (CSME) versions prior to 11.8.55, update to version 11.8.55 or later. For Intel(R) Converged Security and Management Engine (CSME) versions prior to 11.11.55, update to version 11.11.55 or later. For Intel(R) Converged Security and Management Engine (CSME) versions prior to 11.21.55, update to version 11.21.55 or later. For Intel(R) Converged Security and Management Engine (CSME) versions prior to 12.0.6, update to version 12.0.6 or later. For Intel(R) Server Platform Services firmware versions prior to 4.x.04, update to version 4.x.04 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-3643

Produtos afetados

Intel Converged Security/Management Engine
Intel Server Platform Services
Power Management Controller