CVE-2018-3655

A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.

CVSS v3.0 7.3 HIGH
CVSS v2.0 3.6 LOW

7.3^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Exploitability : 0.9 / Impact : 5.8

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

3.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html	Vendor Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us	Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20180924-0003/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:intel:converged_security_management_engine_firmware::::::::
	cpe:2.3:o:intel:converged_security_management_engine_firmware::::::::
	cpe:2.3:o:intel:converged_security_management_engine_firmware::::::::

Configuration 2 (hide)

cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*

Information

Published : 2018-09-12 12:29

Updated : 2019-10-02 17:03

NVD link : CVE-2018-3655

Mitre link : CVE-2018-3655

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

intel

server_platform_services_firmware
converged_security_management_engine_firmware
trusted_execution_engine_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us", "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://security.netapp.com/advisory/ntap-20180924-0003/", "name": "https://security.netapp.com/advisory/ntap-20180924-0003/", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-3655", "ASSIGNER": "secure@intel.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.3, "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 0.9}}, "publishedDate": "2018-09-12T19:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.21.51", "versionStartIncluding": "11.20"}, {"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.11.50", "versionStartIncluding": "11.10"}, {"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.8.50", "versionStartIncluding": "11.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.1.50", "versionStartIncluding": "3.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-03T00:03Z"}

7.3 /10

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

3.6 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2018-3655

7.3^/10

3.6^/10

Attach tags to `CVE-2018-3655`