Vulnerability Description
A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Converged Security Management Engine Firmware | < 12.0.6 |
| Intel | Server Platform Services Firmware | < 4.00.04 |
References
- https://security.netapp.com/advisory/ntap-20180924-0002/Third Party Advisory
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpePatchThird Party Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.Vendor Advisory
- https://security.netapp.com/advisory/ntap-20180924-0002/Third Party Advisory
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpePatchThird Party Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.Vendor Advisory
FAQ
What is CVE-2018-3643?
CVE-2018-3643 is a vulnerability with a CVSS score of 8.2 (HIGH). A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R...
How severe is CVE-2018-3643?
CVE-2018-3643 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-3643?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Converged Security Management Engine Firmware, Intel Server Platform Services Firmware.