Intel Security CenterINTEL:INTEL-SA-00125Intel® CSME Assets Advisory
Summary:
A potential security vulnerability in Intel® CSME, Intel® Server Platform Services and Intel® Trusted Execution Engine Firmware may allow information disclosure. Intel is releasing Intel® CSME, Intel® Server Platform Services and Intel® Trusted Execution Engine updates to mitigate this potential vulnerability.
Vulnerability Details:
CVEID:** **CVE-2018-3655
Description: A vulnerability in a subsystem in Intel® CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.
CVSS Base Score:** **7.3 High
CVSS Vector:** **CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CVEID:** **CVE-2018-12147
Description: Insufficient input validation in HECI subsystem in Intel® CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.
CVSS Base Score:** **7.5 High
CVSS Vector:** **CVSS:3.0AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
This vulnerability affects Intel® CSME firmware versions: 11.0 through 11.8.50; 11.10 through 11.11.50; 11.20 through 11.21.51, Intel® Server Platform Services firmware version 4.0 (on Purley and Bakerville only) and Intel® TXE version 3.0 through 3.1.50.
Systems using Intel® CSME firmware versions prior to 11.0/****Intel® Server Platform Services 4.0/TXE 3.0 or using firmware versions 11.8.55/11.11.55/11.21.55/****Intel® Server Platform Services 5.0 and higher/TXE 3.1.55 or higher are not affected by this vulnerability.
Intel® CSME:
Updated Intel® CSME Firmware version
|
Replaces Intel® CSME Firmware version
11.8.55
|
11.8.50.3399
11.11.55
|
11.11.50.1402
11.21.55
|
11.21.50.1400
Intel® Server Platform Service
Updated SPS Firmware version
|
Replaces SPS Firmware version
SPS_SoC-A_04.00.04.177.0
|
SPS_SoC-A_04.00.04.172.0
SPS_SoC-X_04.00.04.077.0
|
SPS_SoC-X_04.00.04.057.0
SPS_E5_04.00.04.381.0
|
SPS_E5_04.00.04.340.0
Intel® Trusted Execution Engine (TXE)
Updated TXE Firmware version
|
Replaces TXE Firmware version
3.1.55
|
3.1.50.2222
An unauthenticated user with physical access could potentially:
• Bypass Intel® CSME anti-replay protection, which may allow brute force attacks to expose information stored inside the Intel® CSME.
• Gain unauthorized access to the Intel® MEBX password.
• Tamper with the integrity of the Intel® CSME file system directories or the Server Platform Services and Trusted Execution Environment (Intel® TXE) data files.
Mitigations described in INTEL-SA-00086 do not prevent the issue since a user with physical access to the system may be able to roll back to an earlier Intel® CSME firmware affected by CVE-2017-5705, CVE-2017-5706 and CVE-2017-5707.
Recommendations:
Intel recommends that users of Intel® CSME, Intel® Server Platform Service and Intel® Trusted Execution Engine (TXE) update to the latest version provided by the system manufacturer that addresses these issues.
Acknowledgements:
Intel would like to thank Dmitry Sklyarov and Maxim Goryachy from Positive Technologies for reporting this issue and working with Intel Corporation on coordinated public disclosure. CVE-2018-12147 was found by Intel employees and also subsequently also reported by Maxim Goryachy from Positive Technologies.
Related
