Server Platform Services Firmware Security Vulnerabilities and Issues — Server Platform Services Firmware CVE List

IntelServer Platform Services Firmware

15 matches found

CVE•added 2019/12/18 9:8 p.m.•100 views

CVE-2019-11090

CVE-2019-11090 relates to cryptographic timing conditions in Intel components (CSME, SPS, TXE, AMT, PTT and DAL) that may allow an unauthenticated attacker to disclose information over the network. Affected are Intel CSME before 11.8.70/11.11.70/11.22.70 and 12.0.45; 13.0.0 and 14.0.10; Intel TXE...

5.9CVSS5.7AI score0.02323EPSS

CVE•added 2019/12/18 9:9 p.m.•91 views

CVE-2019-11109

CVE-2019-1119? is about a logic issue in the Intel SPS subsystem. Affected: Intel SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0, SPS_SoC-A_04.00.04.191.0. Issue: a privileged user may potentially cause a denial of service via local access. Connected documents indicate Intel ...

4.6CVSS4.5AI score0.00332EPSS

CVE•added 2019/05/17 3:41 p.m.•80 views

CVE-2019-0099

CVE-2019-0099 affects Intel SPS before SPS_E3_05.00.04.027.0, where insufficient access control could let an unauthenticated, physically proximate user escalate privileges via the SPS subsystem. The connected Intel advisory and F5 Traffix docs corroborate the vulnerable component (Intel SPS) and ...

6.8CVSS7.1AI score0.00401EPSS

CVE•added 2019/06/13 3:36 p.m.•67 views

CVE-2018-12147

CVE-2018-12147 affects Intel CSME (HECI) subsystem, Intel SPS, and TXE firmware. The issue is insufficient input validation that may allow a privileged user to escalate local privileges. Vulnerable states are Intel CSME before 11.21.55, SPS before 4.0 (Purley/Bakerville), and TXE firmware before ...

7.2CVSS6.6AI score0.00458EPSS

CVE•added 2017/11/21 2:0 p.m.•61 views

CVE-2017-5706

CVE-2017-5706 refers to multiple buffer overflows in the kernel of Intel Server Platform Services Firmware 4.0. The vulnerability allows an attacker with local access to execute arbitrary code on affected systems. The Siemens Update A and related advisories enumerate affected SPS firmware version...

7.8CVSS7.3AI score0.00686EPSS

CVE•added 2017/11/21 2:0 p.m.•59 views

CVE-2017-5709

CVE-2017-5709 corresponds to privilege-escalation flaws in Intel Server Platform Services Firmware 4.0. The Intel SPS kernel code could allow an unauthorized local process to access privileged content via an unspecified vector. The Huawei and CNVD entries confirm the same issue; MITRE/Intel advis...

7.8CVSS6.9AI score0.00576EPSS

CVE•added 2022/08/18 7:56 p.m.•59 views

CVE-2022-26074

CVE-2022-26074 concerns Intel SPS firmware: incomplete cleanup in a firmware subsystem may allow a privileged user to cause a local DoS. Affected products are Intel SPS before SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0. The Red Hat advisory and Intel INTEL-SA-00669 confirm the issue and reme...

4.4CVSS4.4AI score0.00196EPSS

CVE•added 2018/09/12 7:0 p.m.•58 views

CVE-2018-3643

CVE-2018-3643 concerns a vulnerability in Intel Power Management Controller (PMC) firmware affecting systems with Intel CSME before 11.8.55, 11.11.55, 11.21.55, or 12.0.6, and Intel Server Platform Services (SPS) firmware before 4.x.04. The flaw could allow an attacker with administrative privile...

8.2CVSS8.1AI score0.00501EPSS

CVE•added 2022/11/11 3:48 p.m.•58 views

CVE-2022-29515

CVE-2022-29515 describes a memory release failure in Intel® Server Platform Services (SPS) firmware that can permit a privileged local attacker to cause a denial of service. The issue affects SPS firmware prior to SPS_E3_06.00.03.035.0 (as stated in multiple sources); exploitation requires local ...

6CVSS5.1AI score0.00169EPSS

CVE•added 2019/03/14 8:0 p.m.•57 views

CVE-2018-12192

The CVE-2018-12192 issue is a logic bug in the Kernel subsystem of Intel CSME and related components (SPS, TXE, AMT) that may allow an unauthenticated user to bypass MEBx authentication via physical access. Affected products include Intel CSME, SPS, TXE, and AMT with affected firmware ranges cite...

7.2CVSS6.8AI score0.00467EPSS

CVE•added 2019/03/14 8:0 p.m.•57 views

CVE-2018-12198

CVE-2018-12198 involves Intel CSME ecosystem (CSME, SPS, TXE, AMT) where Insufficient input validation in the Intel Server Platform Services HECI subsystem before SPS_E5_04.00.04.393.0 may allow a privileged local user to cause a denial of service. Connected Intel advisories/Lenovo HP references ...

6CVSS5.9AI score0.0034EPSS

CVE•added 2019/03/14 8:0 p.m.•55 views

CVE-2018-12191

The CVE-2018-12191 issue affects Intel CSME, Intel Server Platform Services (SPS), and Intel TXE/AMT. It is a bounds-check vulnerability in the Kernel subsystem that could allow an unauthenticated user with physical access to potentially execute arbitrary code. Affected versions are: Intel CSME b...

7.6CVSS7.4AI score0.00482EPSS

CVE•added 2018/09/12 7:0 p.m.•54 views

CVE-2018-3655

The CVE-2018-3655 issue affects Intel CSME firmware before 11.21.55, Intel SPS before 4.0, and Intel TXE firmware before 3.1.55. The vulnerability allows an unauthenticated user with physical access to potentially modify or disclose information stored in the CSME/SPS/TXE subsystems. Exploitation ...

7.3CVSS6.4AI score0.00433EPSS

CVE•added 2022/11/11 3:48 p.m.•54 views

CVE-2022-29466

CVE-2022-29466 affects Intel SPS firmware prior to SPS_E3_04.01.04.700.0. The issue is improper input validation in the firmware, which may allow an authenticated user to cause a denial of service via local access. Affected product: Intel Server Platform Services (SPS) firmware; vulnerable compon...

7.3CVSS5.3AI score0.00171EPSS

CVE•added 2019/03/14 8:0 p.m.•50 views

CVE-2018-12208

Intel CVE-2018-12208 is a buffer overflow in the HECI subsystem affecting Intel CSME, TXE, and SPS prior to specified fixed versions. The Intel advisory INTEL-SA-00185 documents the issue, listing affected products and firmware families (CSME before 11.8.60/11.11.60/11.22.60 or 12.0.20; TXE befor...

7.6CVSS7.7AI score0.00511EPSS