CVE-2018-3643
Summary
| CVE | CVE-2018-3643 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-09-12 19:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Intel | Converged Security Management Engine Firmware | All | All | All | All |
| Operating System | Intel | Converged Security Management Engine Firmware | All | All | All | All |
| Operating System | Intel | Server Platform Services Firmware | All | All | All | All |
| Operating System | Intel | Server Platform Services Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2018-3643 Intel Processor Power Management Controller Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| INTEL-SA-00131 | CONFIRM | www.intel.com | Vendor Advisory |
| Document Display | HPE Support Center | CONFIRM | support.hpe.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.