Summary:
In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine (Intel® CSME), Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience.
Description:
In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine (Intel® CSME), Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience.
As a result, Intel has identified security vulnerabilities that could potentially place affected platforms at risk.
Affected products:
The issues affects Intel® CSME 11.x used in consumer/corporate PCs, IOT devices, and workstations. The affected firmware version may be found on these products:
• 6th, 7th, & 8th Generation Intel® Core™ Processor Family
• Intel® Xeon® Processor E3-1200 v5 & v6 Product Family (Greenlow)
• Intel® Xeon® Processor W Family (Basin Falls)
CVE ID
|
CVE Title
|
CVSSv3 severity
|
CVSSv3 Vectors
—|—|—|—
CVE-2018-3627
|
Logic bug in Intel® Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access
|
7.5 (High)
|
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Recommendations:
Intel recommends that end users check with their system manufacturers and apply any available updates as soon as practical, based on the versions listed below, or higher:
Associated CPU Generation
|
Resolved Firmware versions or higher
—|—
6th Generation Intel® Core™ Processor Family
|
Intel® CSME 11.8.50
7th Generation Intel® Core™ Processor Family
|
Intel® CSME 11.8.50
8th Generation Intel® Core™ Processor Family
|
Intel® CSME 11.8.50
Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
|
Intel® CSME 11.8.50
Intel® Xeon® Processor W Family
|
Intel® CSME 11.11.50
Acknowledgements:
CVE-2018-3627 was discovered by Intel as part of continuously improving the robustness of the Intel® Converged Security Management Engine (Intel® CSME).