Server Platform Services Firmware Security Vulnerabilities and Issues — Server Platform Services Firmware CVE List

Lucene search

IntelServer Platform Services Firmware

8 matches found

CVE•added 2019/12/18 10:15 p.m.•89 views

CVE-2019-11090

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, ...

5.9CVSS5.7AI score0.0078EPSS

CVE•added 2019/12/18 10:15 p.m.•79 views

CVE-2019-11109

Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access.

4.6CVSS4.5AI score0.00099EPSS

CVE•added 2019/05/17 4:29 p.m.•68 views

CVE-2019-0099

Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

6.8CVSS7.1AI score0.00076EPSS

CVE•added 2019/06/13 4:29 p.m.•55 views

CVE-2018-12147

Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access...

7.2CVSS6.6AI score0.00045EPSS

CVE•added 2019/03/14 8:29 p.m.•44 views

CVE-2018-12198

Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS_E5_04.00.04.393.0 may allow privileged user to potentially cause a denial of service via local access.

6CVSS5.9AI score0.00135EPSS

CVE•added 2019/03/14 8:29 p.m.•42 views

CVE-2018-12191

Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitr...

7.6CVSS7.4AI score0.00246EPSS

CVE•added 2019/03/14 8:29 p.m.•40 views

CVE-2018-12192

Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.

7.2CVSS6.8AI score0.00072EPSS

CVE•added 2019/03/14 8:29 p.m.•38 views

CVE-2018-12208

Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via phy...

7.6CVSS7.7AI score0.00401EPSS