CVE-2018-3655

3 documents3 sources

Severity

7.3HIGH

EPSS

0.2%

top 61.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Server Platform Services Firmware Intel Converged Security Management Engine Firmware Intel Trusted Execution Engine Firmware

Timeline

PublishedSep 12

Latest updateMay 13

Description

A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:NExploitability: 0.9 | Impact: 5.8

Affected Packages3 packages

▶NVDintel/server_platform_services_firmware< 4.0

▶NVDintel/trusted_execution_engine_firmware3.0 — 3.1.50

▶NVDintel/converged_security_management_engine_firmware11.0 — 11.8.50+2

Patches

Patch: support.hpe.com ↗Patch: support.hpe.com ↗

🔴Vulnerability Details

GHSA

GHSA-734w-96m8-gvgp: A vulnerability in a subsystem in Intel CSME before version 11↗2022-05-13

▶

CVEList

CVE-2018-3655: A vulnerability in a subsystem in Intel CSME before version 11↗2018-09-12

▶