CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2018-12190
https://notcve.org/view.php?id=CVE-2018-12190
Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially enable an escalation of privilege via local access. Una validación de entrada insuficiente en el subsistema Intel(r) CSME en las versiones anteriores a la 11.8.60, 11.11.60, 11.22.60 o 12.0.20 o Intel(r) TXE en las versiones anteriores a la 3.1.60 o 4.0.10 puede permitir a un usuario con privilegios una escalada de privilegios a través del acceso local. • https://security.netapp.com/advisory/ntap-20190318-0001 https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-3655
https://notcve.org/view.php?id=CVE-2018-3655
A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access. Una vulnerabilidad en un subsistema en Intel CSME en versiones anteriores a la 11.21.55, Intel Server Platform Services en versiones anteriores a la 4.0 y el firmware Intel Trusted Execution Engine en versiones anteriores a la 3.1.55 podría permitir que un usuario no autenticado modifique o divulgue información mediante acceso físico. • https://security.netapp.com/advisory/ntap-20180924-0003 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-3659
https://notcve.org/view.php?id=CVE-2018-3659
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access. Una vulnerabilidad en el módulo Intel PTT en el firmware Intel CSME en versiones anteriores a la 12.0.5 y el firmware Intel TXE en versiones anteriores a la 4.0 podría permitir que un usuario no autenticado divulgue información mediante acceso físico. • https://security.netapp.com/advisory/ntap-20180924-0003 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5710
https://notcve.org/view.php?id=CVE-2017-5710
Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector. Múltiples escalados de privilegios en el kernel en Intel Trusted Execution Engine Firmware 3.0 permiten que un proceso no autorizado acceda a contenidos privilegiados mediante un vector no especificado. • http://www.securityfocus.com/bid/101922 https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr https://security.netapp.com/advisory/ntap-20171120-0001 https://www.asus.com/News/wzeltG5CjYaIwGJ0 https://www.synology.com/support/security/Synology_SA_17_73 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5707
https://notcve.org/view.php?id=CVE-2017-5707
Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code. Múltiples desbordamientos de búfer en el kernel en Trusted Execution Engine Firmware 3.0 permiten que un atacante con acceso local al sistema ejecute código arbitrario. • http://www.securityfocus.com/bid/101919 https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr https://security.netapp.com/advisory/ntap-20171120-0001 https://twitter.com/PTsecurity_UK/status/938447926128291842 https://www.asus.com/News/wzeltG5CjYaIwGJ0 https://www.synology.com/support/security/Synology_SA_17_73 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •