CVE-2018-3659

3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.5%

top 32.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Converged Security Management Engine Firmware Intel Trusted Execution Engine Firmware Intel Corporation Intel(r) Platform Trust Technology (ptt)

Timeline

PublishedSep 12

Latest updateMay 13

Description

A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages3 packages

▶NVDintel/trusted_execution_engine_firmware< 4.0

▶NVDintel/converged_security_management_engine_firmware< 12.0.5

▶CVEListV5intel_corporation/intel(r)_platform_trust_technology_(ptt)Before version 12.0.5.

🔴Vulnerability Details

GHSA

GHSA-hrpf-w86j-42rg: A vulnerability in Intel PTT module in Intel CSME firmware before version 12↗2022-05-13

▶

CVEList

CVE-2018-3659: A vulnerability in Intel PTT module in Intel CSME firmware before version 12↗2018-09-12

▶