CVE-2018-12192

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 78.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Converged Security Management Engine Firmware Intel Server Platform Services Firmware

Timeline

PublishedMar 14

Latest updateMay 14

Description

Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶NVDintel/server_platform_services_firmware< sps_e5_04.00.04.393.0

▶NVDintel/converged_security_management_engine_firmware11.0 — 11.8.60+3

🔴Vulnerability Details

GHSA

GHSA-w4wf-4wg4-m73g: Logic bug in Kernel subsystem in Intel CSME before version 11↗2022-05-14

▶

CVEList

CVE-2018-12192: Logic bug in Kernel subsystem in Intel CSME before version 11↗2019-03-14

▶