CVE-2018-12147
published 2019-06-13CVE-2018-12147: Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted…
medium6.7CVSS 3.0
AVLACLPRHUINSUCHIHAH
Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intel | converged_security_management_engine_firmware | 11.0 – 11.8.50 | — |
| intel | converged_security_management_engine_firmware | 11.10 – 11.11.50 | — |
| intel | converged_security_management_engine_firmware | 11.20 – 11.21.51 | — |
| intel | server_platform_services_firmware | < 4.0 | 4.0 |
| intel | trusted_execution_engine_firmware | 3.0 – 3.1.50 | — |