CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-12147

MEDIUM
6.7
CVSS Severity Score
EPSS Score0.1180%
EPSS Percentile27.96th
Published2019年6月13日
Last Modified2024年11月21日

Vulnerability Description

Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.

Affected Platforms (CPE)

💻
Intel

Converged Security Management Engine Firmware

>= 11.0 and <= 11.8.50
💻
Intel

Converged Security Management Engine Firmware

>= 11.10 and <= 11.11.50
💻
Intel

Converged Security Management Engine Firmware

>= 11.20 and <= 11.21.51
💻
Intel

Server Platform Services Firmware

< 4.0
💻
Intel

Trusted Execution Engine Firmware

>= 3.0 and <= 3.1.50

References & Advisories

🔗 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html
🔗 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html?wapkw=2018-12147
🔗 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html

相關漏洞威脅

CVE-2018-36288.8

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3....

CVE-2018-36438.2

A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engin...

CVE-2018-36326.7

Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x ...

CVE-2018-36296.5

Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3...