PT-2019-1667 · Intel · Intel Txe+1

Published

2019-03-12

Updated

2019-03-21

CVE-2018-12188

CVSS v2.0

6.2

Medium

Vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Intel CSME versions prior to 11.8.60, 11.11.60, 11.22.60 or 12.0.20 Intel TXE versions prior to 3.1.60 or 4.0.10

Description The issue is related to insufficient input validation in Intel Converged Security and Manageability Engine and Trusted Execution Engine. This could allow an unauthenticated user to potentially modify data via physical access, thereby gaining access to protected information.

Recommendations For Intel CSME versions prior to 11.8.60, 11.11.60, 11.22.60 or 12.0.20, update to version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or later. For Intel TXE versions prior to 3.1.60 or 4.0.10, update to version 3.1.60 or 4.0.10 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2019-01215

CVE-2018-12188

Affected Products

Intel Csme

Intel Txe

PT-2019-1667 · Intel · Intel Txe+1

CVE-2018-12188

Weakness Enumeration

Related Identifiers

Affected Products

References · 6