CVE-2018-3643
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.
Una vulnerabilidad en el firmware Power Management Controller en sistemas que emplean un CSME (Intel® Converged Security and Management Engine) específico en versiones anteriores a la 11.8.55, 11.11.55, 11.21.55 y la 12.0.6 o firmware Intel® Server Platform Services en versiones anteriores a la 4.x.04 podría permitir que un atacante con privilegios administrativos descubra ciertos secretos de la plataforma mediante acceso local o que pueda ejecutar código arbitrario.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-28 CVE Reserved
- 2018-09-12 CVE Published
- 2023-09-06 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20180924-0002 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us | 2019-10-03 |
| URL | Date | SRC |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Intel Search vendor "Intel" | Converged Security Management Engine Firmware Search vendor "Intel" for product "Converged Security Management Engine Firmware" | < 12.0.6 Search vendor "Intel" for product "Converged Security Management Engine Firmware" and version " < 12.0.6" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Server Platform Services Firmware Search vendor "Intel" for product "Server Platform Services Firmware" | < 4.00.04 Search vendor "Intel" for product "Server Platform Services Firmware" and version " < 4.00.04" | - |
Affected
| ||||||