{"api_version":"1","generated_at":"2026-04-21T09:11:48+00:00","cve":"CVE-2018-3655","urls":{"html":"https://cve.report/CVE-2018-3655","api":"https://cve.report/api/cve/CVE-2018-3655.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-3655","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-3655"},"summary":{"title":"CVE-2018-3655","description":"A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.","state":"PUBLIC","assigner":"secure@intel.com","published_at":"2018-09-12 19:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html","name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"INTEL-SA-00125","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us","name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"Document Display | HPE Support Center","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20180924-0003/","name":"https://security.netapp.com/advisory/ntap-20180924-0003/","refsource":"CONFIRM","tags":[],"title":"September 2018 Intel Converged Security Management Engine Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-3655","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3655","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"3655","vulnerable":"1","versionEndIncluding":"11.11.50","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"3655","vulnerable":"1","versionEndIncluding":"11.21.51","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"3655","vulnerable":"1","versionEndIncluding":"11.8.50","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"converged_security_management_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"3655","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"server_platform_services_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"3655","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"server_platform_services_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"3655","vulnerable":"1","versionEndIncluding":"3.1.50","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"intel","cpe5":"trusted_execution_engine_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@intel.com","DATE_PUBLIC":"2018-09-11T00:00:00","ID":"CVE-2018-3655","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Intel(R) CSME before version 11.21.55, Intel(R) Server Platform Services before version 4.0 and Intel(R) Trusted Execution Engine Firmware","version":{"version_data":[{"version_value":"Versions before 11.21.55, 4.0 and 3.1.55."}]}}]},"vendor_name":"Intel Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Escalation of Privilege, Information Disclosure"}]}]},"references":{"reference_data":[{"name":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html","refsource":"CONFIRM","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"},{"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us","refsource":"CONFIRM","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us"},{"name":"https://security.netapp.com/advisory/ntap-20180924-0003/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20180924-0003/"}]}},"nvd":{"publishedDate":"2018-09-12 19:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.3,"baseSeverity":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.8},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.6},"severity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.20","versionEndIncluding":"11.21.51","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.10","versionEndIncluding":"11.11.50","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndIncluding":"11.8.50","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndIncluding":"3.1.50","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"3655","Ordinal":"119459","Title":"CVE-2018-3655","CVE":"CVE-2018-3655","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"3655","Ordinal":"1","NoteData":"A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"3655","Ordinal":"2","NoteData":"2018-09-12","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"3655","Ordinal":"3","NoteData":"2018-09-25","Type":"Other","Title":"Modified"}]}}}