Vulnerability Details CVE-2018-12192
Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.4%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.2
References
- https://security.netapp.com/advisory/ntap-20190318-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03914en_us
- https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
- https://security.netapp.com/advisory/ntap-20190318-0001/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03914en_us
- https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
Products affected by CVE-2018-12192
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.10
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.11.50
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.11.55
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.20
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.21.51
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.22.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.8.50
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:11.8.55
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:12.0.0
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:12.0.10
-
cpe:2.3:o:intel:converged_security_management_engine_firmware:12.0.5
-
cpe:2.3:o:intel:server_platform_services_firmware:3.0.6.267.4
-
cpe:2.3:o:intel:server_platform_services_firmware:4.0
-
cpe:2.3:o:intel:server_platform_services_firmware:4.00.04.367
-
cpe:2.3:o:intel:server_platform_services_firmware:4.00.04.382
-
cpe:2.3:o:intel:server_platform_services_firmware:4.00.04.383
-
cpe:2.3:o:intel:server_platform_services_firmware:4.01.00.152.0
-
cpe:2.3:o:intel:server_platform_services_firmware:4.01.02.173
-
cpe:2.3:o:intel:server_platform_services_firmware:4.01.02.174
-
cpe:2.3:o:intel:server_platform_services_firmware:5.00.04.012
-
cpe:2.3:o:intel:server_platform_services_firmware:sps_e3_04.01.00.000.0
-
cpe:2.3:o:intel:server_platform_services_firmware:sps_e3_04.01.04.085.0
-
cpe:2.3:o:intel:server_platform_services_firmware:sps_e3_04.01.04.086.0
-
cpe:2.3:o:intel:server_platform_services_firmware:sps_e3_04.01.04.700.0
-
cpe:2.3:o:intel:server_platform_services_firmware:sps_e3_05.00.04.027.0
-
cpe:2.3:o:intel:server_platform_services_firmware:sps_e3_06.00.03.035.0
-
cpe:2.3:o:intel:server_platform_services_firmware:sps_e5_04.00.00.000.0