CVE-2018-12208

CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.6HIGH

EPSS

0.3%

top 47.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Converged Security Management Engine Firmware Intel Server Platform Services Firmware Intel Trusted Execution Engine Firmware

Timeline

PublishedMar 14

Latest updateMay 14

Description

Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.9 | Impact: 6.0

Affected Packages3 packages

▶NVDintel/server_platform_services_firmware< 5.00.04.012

▶NVDintel/trusted_execution_engine_firmware3.0 — 3.1.60+1

▶NVDintel/converged_security_management_engine_firmware11.0 — 11.8.60+3

🔴Vulnerability Details

GHSA

GHSA-2vhx-cw73-6rc9: Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11↗2022-05-14

▶

CVEList

CVE-2018-12208: Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11↗2019-03-14

▶