CVE-2018-3643 Information

Description

A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55 11.11.55 11.21.55 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Reference

https://security.netapp.com/advisory/ntap-20180924-0002/ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.2