A potential vulnerability in the Intel® PTT module in Intel® CSME firmware and Intel® TXE firmware may allow information disclosure. Intel is releasing Intel® CSME firmware and Intel® TXE firmware updates to mitigate this potential vulnerability.
CVEID:** **CVE-2018-3659
Description: A vulnerability in Intel® PTT module in Intel® CSME firmware before version 12.0.5 and Intel® TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.
CVSS Base Score:** **6.8 Medium
CVSS Vector:** **CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Intel® CSME:
Updated Intel® CSME Firmware version
|
Replaces Intel® CSME Firmware version
12.0.6
|
12.0 through 12.0.5
Intel® Trusted Execution Engine (TXE)
Updated TXE Firmware version
|
Replaces TXE Firmware version
3.1.55
|
3.0 through 3.1.50
4.0.5
|
4.0.0
Intel recommends that users of Intel® CSME and Intel® Trusted Execution Engine (TXE) update to the latest version provided by the system manufacturer that addresses these issues.
This issue was found internally by Intel.