PT-2018-16108 · Intel · Intel Server Platform Services+2
Published
2018-09-12
·
Updated
2020-10-30
·
CVE-2018-3643
CVSS v3.1
8.2
High
| Vector | AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Intel(R) Converged Security and Management Engine (CSME) versions prior to 11.8.55
Intel(R) Converged Security and Management Engine (CSME) versions prior to 11.11.55
Intel(R) Converged Security and Management Engine (CSME) versions prior to 11.21.55
Intel(R) Converged Security and Management Engine (CSME) versions prior to 12.0.6
Intel(R) Server Platform Services firmware versions prior to 4.x.04
Description
A vulnerability in Power Management Controller firmware may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.
Recommendations
For Intel(R) Converged Security and Management Engine (CSME) versions prior to 11.8.55, update to version 11.8.55 or later.
For Intel(R) Converged Security and Management Engine (CSME) versions prior to 11.11.55, update to version 11.11.55 or later.
For Intel(R) Converged Security and Management Engine (CSME) versions prior to 11.21.55, update to version 11.21.55 or later.
For Intel(R) Converged Security and Management Engine (CSME) versions prior to 12.0.6, update to version 12.0.6 or later.
For Intel(R) Server Platform Services firmware versions prior to 4.x.04, update to version 4.x.04 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Intel Converged Security/Management Engine
Intel Server Platform Services
Power Management Controller