Intel Converged Security And Manageability Engine vulnerabilities
12 known vulnerabilities affecting intel/converged_security_and_manageability_engine.
Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM10
Vulnerabilities
Page 1 of 1
CVE-2022-26047MEDIUMCVSS 6.5fixed in 16.1.25.1885v2fixed in 16.1.25.1865v6.1+3 more2022-11-11
CVE-2022-26047 [MEDIUM] CWE-20 CVE-2022-26047: Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer
Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access.
nvd
CVE-2020-8703MEDIUMCVSS 6.7fixed in 12.0.81fixed in 13.0.47+7 more2021-06-09
CVE-2020-8703 [MEDIUM] CWE-119 CVE-2020-8703: Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86,
Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access.
nvd
CVE-2020-24507MEDIUMCVSS 4.4fixed in 12.0.81fixed in 13.0.47+8 more2021-06-09
CVE-2020-24507 [MEDIUM] CWE-665 CVE-2020-24507: Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22
Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access.
nvd
CVE-2020-24516MEDIUMCVSS 6.8fixed in 13.0.47fixed in 13.30.17+3 more2021-06-09
CVE-2020-24516 [MEDIUM] CVE-2020-24516: Modification of assumed-immutable data in subsystem in Intel(R) CSME versions before 13.0.47, 13.30.
Modification of assumed-immutable data in subsystem in Intel(R) CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
nvd
CVE-2020-24506MEDIUMCVSS 4.4fixed in 12.0.81fixed in 13.0.47+3 more2021-06-09
CVE-2020-24506 [MEDIUM] CWE-125 CVE-2020-24506: Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14
Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local access.
nvd
CVE-2020-12303HIGHCVSS 7.8fixed in 11.8.80≥ 11.12.0, < 11.12.80+4 more2020-11-12
CVE-2020-12303 [HIGH] CWE-416 CVE-2020-12303: Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.
Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.
nvd
CVE-2020-12297HIGHCVSS 7.8fixed in 11.8.80≥ 11.12.0, < 11.12.80+4 more2020-11-12
CVE-2020-12297 [HIGH] CVE-2020-12297: Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 1
Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.
nvd
CVE-2020-8761MEDIUMCVSS 4.6fixed in 13.0.40≥ 13.30.0, < 13.30.102020-11-12
CVE-2020-8761 [MEDIUM] CWE-326 CVE-2020-8761: Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 m
Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access.
nvd
CVE-2020-8756MEDIUMCVSS 6.7fixed in 11.8.80≥ 11.12.0, < 11.12.80+3 more2020-11-12
CVE-2020-8756 [MEDIUM] CWE-20 CVE-2020-8756: Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80
Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.
nvd
CVE-2020-8745MEDIUMCVSS 6.8fixed in 11.8.80≥ 11.12.0, < 11.12.80+4 more2020-11-12
CVE-2020-8745 [MEDIUM] CVE-2020-8745: Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.8
Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
nvd
CVE-2020-8751MEDIUMCVSS 4.6fixed in 11.8.802020-11-12
CVE-2020-8751 [MEDIUM] CVE-2020-8751: Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R
Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.
nvd
CVE-2020-8705MEDIUMCVSS 6.8fixed in 11.8.80≥ 11.12.0, < 11.12.80+5 more2020-11-12
CVE-2020-8705 [MEDIUM] CWE-1188 CVE-2020-8705: Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before
Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthent
nvd