PT-2018-1600 · Intel · Intel Trusted Execution Engine Firmware+2
Mark Ermolov
+1
·
Published
2018-09-11
·
Updated
2019-10-03
·
CVE-2018-3655
CVSS v3.1
7.3
High
| Vector | AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Intel CSME versions prior to 11.21.55
Intel Server Platform Services versions prior to 4.0
Intel Trusted Execution Engine Firmware versions prior to 3.1.55
Description
A vulnerability in Intel CSME, Intel Server Platform Services, and Intel Trusted Execution Engine Firmware may allow an unauthenticated user to potentially modify or disclose information via physical access. The issue is caused by privilege management errors.
Recommendations
For Intel CSME versions prior to 11.21.55, update to version 11.21.55 or later.
For Intel Server Platform Services versions prior to 4.0, update to version 4.0 or later.
For Intel Trusted Execution Engine Firmware versions prior to 3.1.55, update to version 3.1.55 or later.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intel Csme
Intel Server Platform Services
Intel Trusted Execution Engine Firmware