CVE-2018-3643

3 documents3 sources

Severity

8.2HIGH

EPSS

0.2%

top 63.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Converged Security Management Engine Firmware Intel Server Platform Services Firmware Intel Corporation Intel(r) Converged Security AND Management Engine (csme) AND Intel(r) Server Platform Services Firmware

Timeline

PublishedSep 12

Latest updateMay 13

Description

A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5intel_corporation/intel(r)_converged_security_and_management_engine_(csme)_and_intel(r)_server_platform_services_firmwareCSME versions before 12.0.6 or Server Platform Services firmware before version 4.x.04.

▶NVDintel/converged_security_management_engine_firmware< 12.0.6

▶NVDintel/server_platform_services_firmware< 4.00.04

Patches

Patch: support.hpe.com ↗Patch: support.hpe.com ↗

🔴Vulnerability Details

GHSA

GHSA-vh4v-fp85-ffwc: A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before vers↗2022-05-13

▶

CVEList

CVE-2018-3643: A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before vers↗2018-09-12

▶