1. Home
  2. CVE Database
  3. CVE-2018-12199
MEDIUM · 6.2

CVE-2018-12199

Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute...

Vulnerability Description

Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access.

CVSS Score

6.2

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
IntelConverged Security Management Engine Firmware>= 11.0, < 11.8.60
IntelTrusted Execution Engine Firmware>= 3.0, < 3.1.60

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2018-12199?

CVE-2018-12199 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute...

How severe is CVE-2018-12199?

CVE-2018-12199 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-12199?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Converged Security Management Engine Firmware, Intel Trusted Execution Engine Firmware.