Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00118
HistoryJul 10, 2018 - 12:00 a.m.

Intel® Converged Security Management Engine (Intel® CSME) 11.x issue

2018-07-1000:00:00
Intel Security Center
www.intel.com
11

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary:

In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine (Intel® CSME), Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience.

Description:

In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine (Intel® CSME), Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience.
As a result, Intel has identified security vulnerabilities that could potentially place affected platforms at risk.

Affected products:

The issues affects Intel® CSME 11.x used in consumer/corporate PCs, IOT devices, and workstations. The affected firmware version may be found on these products:

• 6th, 7th, & 8th Generation Intel® Core™ Processor Family

• Intel® Xeon® Processor E3-1200 v5 & v6 Product Family (Greenlow)

• Intel® Xeon® Processor W Family (Basin Falls)

CVE ID

|

CVE Title

|

CVSSv3 severity

|

CVSSv3 Vectors

—|—|—|—

CVE-2018-3627

|

Logic bug in Intel® Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access

|

7.5 (High)

|

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Recommendations:

Intel recommends that end users check with their system manufacturers and apply any available updates as soon as practical, based on the versions listed below, or higher:

Associated CPU Generation

|

Resolved Firmware versions or higher

—|—

6th Generation Intel® Core™ Processor Family

|

Intel® CSME 11.8.50

7th Generation Intel® Core™ Processor Family

|

Intel® CSME 11.8.50

8th Generation Intel® Core™ Processor Family

|

Intel® CSME 11.8.50

Intel® Xeon® Processor E3-1200 v5 & v6 Product Family

|

Intel® CSME 11.8.50

Intel® Xeon® Processor W Family

|

Intel® CSME 11.11.50

Acknowledgements:

CVE-2018-3627 was discovered by Intel as part of continuously improving the robustness of the Intel® Converged Security Management Engine (Intel® CSME).

Related

prion 1
cve 1
cvelist 1
nvd 1
lenovo 2
hp 1
prion
prion
Code injection
2018-07-10 21:29:00
cve
cve
CVE-2018-3627
2018-07-10 21:29:00
cvelist
cvelist
CVE-2018-3627
2018-07-10 21:00:00
nvd
nvd
CVE-2018-3627
2018-07-10 21:29:00
lenovo
lenovo
Intel® Management Engine 11.x issue - US
2018-07-12 16:10:00
Intel® Management Engine 11.x issue - Lenovo Support US
2018-07-12 16:10:00
hp
hp
HPSBHF03588 rev. 1 - Intel Q1 2018 Intel® Active Management Technology 9.x/10.x/11.x Security Review Cumulative Update and Intel® Management Engine 11.x Issue
2018-07-10 00:00:00

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for INTEL:INTEL-SA-00118
prion1cve1cvelist1nvd1lenovo2hp1