CVE-2018-12191

CWE-119 — Buffer Overflow4 documents4 sources

Severity

7.6HIGH

EPSS

0.2%

top 54.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Converged Security Management Engine Firmware Intel Server Platform Services Firmware Intel Trusted Execution Engine Firmware

Timeline

PublishedMar 14

Latest updateMay 13

Description

Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.9 | Impact: 6.0

Affected Packages3 packages

▶NVDintel/server_platform_services_firmware4.00.04.367 — 4.00.04.383+1

▶NVDintel/trusted_execution_engine_firmware3.0 — 3.1.60+1

▶NVDintel/converged_security_management_engine_firmware11.0 — 11.8.60+3

🔴Vulnerability Details

GHSA

GHSA-8668-g22h-6crc: Bounds check in Kernel subsystem in Intel CSME before version 11↗2022-05-13

▶

CVEList

CVE-2018-12191: Bounds check in Kernel subsystem in Intel CSME before version 11↗2019-03-14

▶

💬Community

Bugzilla

CVE-2017-12191 CFME: VMRC plugin console grants users administrative access↗2017-10-10

▶