CVE-2018-12208

CVE Database · CVE-2018-12208

CVE-2018-12208

· N/AModified

CVSS v3.1

N/A

EPSS

0.51%

Published

Mar 14, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

Weaknesses (CWE)

CWE-119

Affected Products (7)

intel · converged_security_management_engine_firmware (up to 11.8.60)vulnerable

intel · converged_security_management_engine_firmware (up to 11.11.60)vulnerable

intel · converged_security_management_engine_firmware (up to 11.22.60)vulnerable

intel · converged_security_management_engine_firmware (up to 12.0.20)vulnerable

intel · server_platform_services_firmware (up to 5.00.04.012)vulnerable

intel · trusted_execution_engine_firmware (up to 3.1.60)vulnerable

intel · trusted_execution_engine_firmware (up to 4.0.10)vulnerable

References (6)

https://security.netapp.com/advisory/ntap-20190318-0001/