Vulnerability Description
Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access.
CVSS Score
8.2
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Converged Security Management Engine Firmware | 11.0 |
| Intel | Core I3 | 6006u |
| Intel | Core I5 | 7y54 |
| Intel | Core I7 | 7y75 |
| Intel | Core I9 | 8950hk |
| Intel | Xeon E3 1220 V5 | - |
| Intel | Xeon E3 1220 V6 | - |
| Intel | Xeon E3 1225 V5 | - |
| Intel | Xeon E3 1225 V6 | - |
| Intel | Xeon E3 1230 V5 | - |
| Intel | Xeon E3 1230 V6 | - |
| Intel | Xeon E3 1235L V5 | - |
| Intel | Xeon E3 1240 V5 | - |
| Intel | Xeon E3 1240 V6 | - |
| Intel | Xeon E3 1240L V5 | - |
| Intel | Xeon E3 1245 V5 | - |
| Intel | Xeon E3 1245 V6 | - |
| Intel | Xeon E3 1260L V5 | - |
| Intel | Xeon E3 1270 V5 | - |
| Intel | Xeon E3 1270 V6 | - |
References
- https://security.netapp.com/advisory/ntap-20190327-0006/Third Party Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.Vendor Advisory
- https://security.netapp.com/advisory/ntap-20190327-0006/Third Party Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.Vendor Advisory
FAQ
What is CVE-2018-3627?
CVE-2018-3627 is a vulnerability with a CVSS score of 8.2 (HIGH). Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access.
How severe is CVE-2018-3627?
CVE-2018-3627 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-3627?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Converged Security Management Engine Firmware, Intel Core I3, Intel Core I5, Intel Core I7, Intel Core I9.