CyberSec.Space Logo
Back to CVE Browser

CVE-2018-3643

HIGH
8.2
CVSS Severity Score
EPSS Score0.0030%
EPSS Percentile43.12th
PublishedSep 12, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.

Affected Platforms (CPE)

πŸ’»
Intel

Converged Security Management Engine Firmware

< 12.0.6
πŸ’»
Intel

Server Platform Services Firmware

< 4.00.04

References & Advisories

πŸ”— https://security.netapp.com/advisory/ntap-20180924-0002/
πŸ”— https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us
πŸ”— https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html
πŸ”— https://security.netapp.com/advisory/ntap-20180924-0002/
πŸ”— https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us
πŸ”— https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html

Related Vulnerabilities

CVE-2018-36288.8

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3....

CVE-2018-36326.7

Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x ...

CVE-2018-36296.5

Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...