intel converged-security-management-engine-firmware CVE-2018-3643 vulnerability in Intel Products
Published on September 12, 2018

A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.

NVD


Products Associated with CVE-2018-3643

stack.watch emails you whenever new vulnerabilities are published in Intel Converged Security Management Engine Firmware or Intel Server Platform Services Firmware. Just hit a watch button to start following.

Intel Converged Security Management Engine Firmware
 
Intel Server Platform Services Firmware
 

Affected Versions

Intel Corporation Intel(R) Converged Security and Management Engine (CSME) and Intel(R) Server Platform Services firmware Version CSME versions before 12.0.6 or Server Platform Services firmware before version 4.x.04. is affected by CVE-2018-3643

Exploit Probability

EPSS
0.16%
Percentile
36.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.