Converged Security Management Engine Firmware Security Vulnerabilities and Issues — Converged Security Management Engine Firmware CVE List

Lucene search

IntelConverged Security Management Engine Firmware

17 matches found

CVE•added 2019/05/17 4:29 p.m.•113 views

CVE-2019-0086

Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

7.8CVSS7.7AI score0.00136EPSS

CVE•added 2019/05/17 4:29 p.m.•85 views

CVE-2019-0098

Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

7.2CVSS7.2AI score0.00167EPSS

CVE•added 2019/12/18 10:15 p.m.•81 views

CVE-2019-11147

Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before; INTEL...

7.8CVSS8.1AI score0.00391EPSS

CVE•added 2018/09/12 7:29 p.m.•76 views

CVE-2018-3657

Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.

7.2CVSS6.7AI score0.00299EPSS

CVE•added 2019/12/18 10:15 p.m.•76 views

CVE-2019-11103

Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8CVSS8.1AI score0.00137EPSS

CVE•added 2019/12/18 10:15 p.m.•76 views

CVE-2019-11104

Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8CVSS8.1AI score0.00148EPSS

CVE•added 2020/06/15 2:15 p.m.•61 views

CVE-2020-0534

Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.

7.5CVSS7.3AI score0.00916EPSS

CVE•added 2020/06/15 2:15 p.m.•56 views

CVE-2020-0536

Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.

7.5CVSS7.2AI score0.00897EPSS

CVE•added 2019/06/13 4:29 p.m.•55 views

CVE-2018-12147

Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access...

7.2CVSS6.6AI score0.00045EPSS

CVE•added 2020/06/15 2:15 p.m.•55 views

CVE-2020-0542

Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

7.8CVSS7.5AI score0.00088EPSS

CVE•added 2023/08/11 3:15 a.m.•48 views

CVE-2022-38102

Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access.

7.2CVSS4.5AI score0.00014EPSS

CVE•added 2023/08/11 3:15 a.m.•46 views

CVE-2022-29871

Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8CVSS7.7AI score0.0006EPSS

CVE•added 2019/03/14 8:29 p.m.•42 views

CVE-2018-12191

Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitr...

7.6CVSS7.4AI score0.00246EPSS

CVE•added 2019/03/14 8:29 p.m.•40 views

CVE-2018-12192

Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.

7.2CVSS6.8AI score0.00072EPSS

CVE•added 2018/09/12 7:29 p.m.•40 views

CVE-2018-3655

A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.

7.3CVSS6.4AI score0.0018EPSS

CVE•added 2019/03/14 8:29 p.m.•38 views

CVE-2018-12208

Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via phy...

7.6CVSS7.7AI score0.00401EPSS

CVE•added 2019/03/14 8:29 p.m.•36 views

CVE-2018-12199

Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access.

7.2CVSS6.9AI score0.00152EPSS