A potential security vulnerability in Intel® CSME, Intel® Server Platform Services and Intel® Trusted Execution Engine Firmware may allow information disclosure. Intel is releasing Intel® CSME, Intel® Server Platform Services and Intel® Trusted Execution Engine updates to mitigate this potential vulnerability.
CVEID: CVE-2018-3655
Description: A vulnerability in a subsystem in Intel® CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.
CVSS Base Score: 7.3 High
CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CVEID: CVE-2018-12147
Description: Insufficient input validation in the HECI subsystem in Intel® CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
This vulnerability affects Intel® CSME firmware versions: 11.0 through 11.8.50; 11.10 through 11.11.50; 11.20 through 11.21.51, Intel® Server Platform Services firmware version 4.0 (on Purley and Bakerville only) and Intel® TXE version 3.0 through 3.1.50.
Systems using Intel® CSME firmware versions prior to 11.0, Intel® Server Platform Services prior to 4.0 or TXE prior to 3.0, or using firmware versions 11.8.55/11.11.55/11.21.55, Intel® Server Platform Services 5.0 and higher, or TXE 3.1.55 and higher, are not affected by this vulnerability.
Intel® CSME:

| Updated Intel® CSME Firmware version | Replaces Intel® CSME Firmware version |
|---|---|
| 11.8.55 | 11.8.50.3399 |
| 11.11.55 | 11.11.50.1402 |
| 11.21.55 | 11.21.50.1400 |

Intel® Server Platform Services:

| Updated SPS Firmware version | Replaces SPS Firmware version |
|---|---|
| SPS_SoC-A_04.00.04.177.0 | SPS_SoC-A_04.00.04.172.0 |
| SPS_SoC-X_04.00.04.077.0 | SPS_SoC-X_04.00.04.057.0 |
| SPS_E5_04.00.04.381.0 | SPS_E5_04.00.04.340.0 |

Intel® Trusted Execution Engine (TXE):

| Updated TXE Firmware version | Replaces TXE Firmware version |
|---|---|
| 3.1.55 | 3.1.50.2222 |
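As an added example (not code from Intel or from this advisory), the following Python classifies a CSME or TXE firmware version string reported by a host against the affected and fixed ranges stated above, so an inventory can be triaged before updates are scheduled. The branch boundaries and the decision to report builds the advisory does not mention (for example 11.8.52) as "unknown" rather than safe are assumptions about how to read the ranges; SPS builds use a different version format and are not handled.

```python
# Added example, not part of Intel's advisory: classify a reported Intel CSME or
# TXE firmware version against the affected and fixed ranges the advisory lists,
# so a fleet inventory of ME/TXE versions can be triaged before scheduling updates.

# Per branch: (first version in branch, last affected version, first fixed version).
# Values come from the advisory text. The fourth build component (the 3399 in
# 11.8.50.3399) is ignored because the advisory states its ranges to three parts.
CSME_BRANCHES = [
    ((11, 0, 0), (11, 8, 50), (11, 8, 55)),
    ((11, 10, 0), (11, 11, 50), (11, 11, 55)),
    ((11, 20, 0), (11, 21, 51), (11, 21, 55)),
]
TXE_BRANCHES = [((3, 0, 0), (3, 1, 50), (3, 1, 55))]


def parse_version(text):
    """Turn '11.8.50.3399' or '11.0' into a 3-tuple of ints, zero-padded."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 2 <= len(parts) <= 4:
        raise ValueError("unexpected firmware version format: %r" % text)
    parts = parts[:3]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(version_text, branches):
    """Return 'not_affected', 'affected', 'fixed' or 'unknown'.
    'unknown' covers builds the advisory does not mention: 11.8.52 lies above the
    last affected 11.8.50 but below the fixed 11.8.55, so it needs manual
    confirmation rather than being assumed safe (assumption of this example).
    """
    v = parse_version(version_text)
    if v < branches[0][0]:
        return "not_affected"  # older than the first affected branch
    for i, (_start, last_affected, fixed) in enumerate(branches):
        if i + 1 < len(branches) and v >= branches[i + 1][0]:
            continue  # belongs to a later branch
        if v <= last_affected:
            return "affected"
        if v >= fixed:
            return "fixed"  # advisory: the fixed version "and higher"
        return "unknown"


def check_csme(version_text):
    return classify(version_text, CSME_BRANCHES)


def check_txe(version_text):
    return classify(version_text, TXE_BRANCHES)
```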
An unauthenticated user with physical access could potentially:
• Bypass Intel® CSME anti-replay protection, which may allow brute force attacks to expose information stored inside the Intel® CSME.
• Gain unauthorized access to the Intel® MEBX password.
• Tamper with the integrity of the Intel® CSME file system directories or the Server Platform Services and Trusted Execution Engine (Intel® TXE) data files.
Mitigations described in INTEL-SA-00086 do not prevent the issue since a user with physical access to the system may be able to roll back to an earlier Intel® CSME firmware affected by CVE-2017-5705, CVE-2017-5706 and CVE-2017-5707.
Intel recommends that users of Intel® CSME, Intel® Server Platform Services and Intel® Trusted Execution Engine (TXE) update to the latest version provided by the system manufacturer that addresses these issues.
Intel would like to thank Dmitry Sklyarov and Maxim Goryachy from Positive Technologies for reporting this issue and working with Intel Corporation on coordinated public disclosure. CVE-2018-12147 was found by Intel employees and subsequently also reported by Maxim Goryachy from Positive Technologies.