CVE-2018-12189 — Improper Check for Unusual or Exceptional Conditions in Intel Converged Security Management Engine Firmware

CWE-754 — Improper Check for Unusual or Exceptional Conditions4 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 69.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Converged Security Management Engine Firmware Intel Trusted Execution Engine Firmware

Timeline

PublishedMar 14

Latest updateMay 13

Description

Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶NVDintel/trusted_execution_engine_firmware3.0 — 3.1.60+1

▶NVDintel/converged_security_management_engine_firmware11.0 — 11.8.60+3

🔴Vulnerability Details

GHSA

GHSA-r7wq-qq39-ch45: Unhandled exception in Content Protection subsystem in Intel CSME before versions 11↗2022-05-13

▶

CVEList

CVE-2018-12189: Unhandled exception in Content Protection subsystem in Intel CSME before versions 11↗2019-03-14

▶

💬Community

Bugzilla

CVE-2017-12189 jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)↗2017-10-09

▶