CVE-2018-3655 - Vulnerability Details - OpenCVE

A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Converged Security Management Engine Firmware Server Platform Services Firmware Trusted Execution Engine Firmware

Configuration 1 [-]

OR	cpe:2.3:o:intel:converged_security_management_engine_firmware::::::::
	cpe:2.3:o:intel:converged_security_management_engine_firmware::::::::
	cpe:2.3:o:intel:converged_security_management_engine_firmware::::::::

Configuration 2 [-]

cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.netapp.com/advisory/ntap-20180924-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2018-09-12T19:00:00Z

Updated: 2024-09-17T02:41:44.716Z

Reserved: 2017-12-28T00:00:00

Link: CVE-2018-3655

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-09-12T19:29:02.683

Modified: 2024-11-21T04:05:50.727

Link: CVE-2018-3655

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Intel(R) CSME before version 11.21.55, Intel(R) Server Platform Services before version 4.0 and Intel(R) Trusted Execution Engine Firmware", "vendor": "Intel Corporation", "versions": [{"status": "affected", "version": "Versions before 11.21.55, 4.0 and 3.1.55."}]}], "datePublic": "2018-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access."}], "problemTypes": [{"descriptions": [{"description": "Escalation of Privilege, Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-25T09:57:01", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180924-0003/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "DATE_PUBLIC": "2018-09-11T00:00:00", "ID": "CVE-2018-3655", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel(R) CSME before version 11.21.55, Intel(R) Server Platform Services before version 4.0 and Intel(R) Trusted Execution Engine Firmware", "version": {"version_data": [{"version_value": "Versions before 11.21.55, 4.0 and 3.1.55."}]}}]}, "vendor_name": "Intel Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of Privilege, Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us"}, {"name": "https://security.netapp.com/advisory/ntap-20180924-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180924-0003/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:50:30.609Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20180924-0003/"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2018-3655", "datePublished": "2018-09-12T19:00:00Z", "dateReserved": "2017-12-28T00:00:00", "dateUpdated": "2024-09-17T02:41:44.716Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DC5E648-8DD3-4313-BE9D-2CE595F40D91", "versionEndIncluding": "11.8.50", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A4E3031-2AB8-4CA2-9D85-55FE1F8BF7CC", "versionEndIncluding": "11.11.50", "versionStartIncluding": "11.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7781499E-1729-4890-901E-0A2B7EACF949", "versionEndIncluding": "11.21.51", "versionStartIncluding": "11.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9BE1C00-6AAB-4402-98B8-8D68DFF1358E", "versionEndExcluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8337C6A0-41B7-417D-BD0C-B65ACD99C5FF", "versionEndIncluding": "3.1.50", "versionStartIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access."}, {"lang": "es", "value": "Una vulnerabilidad en un subsistema en Intel CSME en versiones anteriores a la 11.21.55, Intel Server Platform Services en versiones anteriores a la 4.0 y el firmware Intel Trusted Execution Engine en versiones anteriores a la 3.1.55 podr\u00eda permitir que un usuario no autenticado modifique o divulgue informaci\u00f3n mediante acceso f\u00edsico."}], "id": "CVE-2018-3655", "lastModified": "2024-11-21T04:05:50.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-12T19:29:02.683", "references": [{"source": "secure@intel.com", "url": "https://security.netapp.com/advisory/ntap-20180924-0003/"}, {"source": "secure@intel.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20180924-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}