PT-2019-1626 · Intel · Intel Server Platform Services+2
Published
2019-03-12
·
Updated
2020-09-10
·
CVE-2018-12191
CVSS v3.1
7.6
High
| Vector | AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Intel Converged Security and Manageability Engine (CSME) versions prior to 11.8.60, 11.11.60, 11.22.60 or 12.0.20
Intel Trusted Execution Engine (TXE) versions prior to 3.1.60 or 4.0.10
Intel Server Platform Services (SPS) versions prior to 4.00.04.383 or SPS 4.01.02.174
Description
The issue is related to a buffer overflow in memory, which can be exploited to execute arbitrary code. An unauthenticated user with physical access may potentially exploit this issue.
Recommendations
For Intel Converged Security and Manageability Engine (CSME) versions prior to 11.8.60, 11.11.60, 11.22.60 or 12.0.20, update to version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or later.
For Intel Trusted Execution Engine (TXE) versions prior to 3.1.60 or 4.0.10, update to version 3.1.60 or 4.0.10 or later.
For Intel Server Platform Services (SPS) versions prior to 4.00.04.383 or SPS 4.01.02.174, update to version 4.00.04.383 or SPS 4.01.02.174 or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intel Converged Security/Manageability Engine
Intel Server Platform Services
Intel Trusted Execution Engine