Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Converged_security_management_engine_firmware
(Intel)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 44 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-09-12 | CVE-2018-3616 | Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network. | Active_management_technology_firmware, Converged_security_management_engine_firmware, Manageability_engine_firmware, Simatic_field_pg_m5_firmware, Simatic_ipc427e_firmware, Simatic_ipc477e_firmware, Simatic_ipc547e_firmware, Simatic_ipc627d_firmware, Simatic_ipc647d_firmware, Simatic_ipc677d_firmware, Simatic_ipc827d_firmware, Simatic_ipc847d_firmware, Simatic_itp1000_firmware, Simatic_pc547g_firmware | 5.9 | ||
| 2018-09-12 | CVE-2018-3657 | Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. | Active_management_technology_firmware, Converged_security_management_engine_firmware, Manageability_engine_firmware, Simatic_field_pg_m5_firmware, Simatic_ipc427e_firmware, Simatic_ipc477e_firmware, Simatic_ipc547e_firmware, Simatic_ipc627d_firmware, Simatic_ipc647d_firmware, Simatic_ipc677d_firmware, Simatic_ipc827d_firmware, Simatic_ipc847d_firmware, Simatic_itp1000_firmware, Simatic_pc547g_firmware | 6.7 | ||
| 2020-02-13 | CVE-2019-14598 | Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | Converged_security_management_engine_firmware, Steelstore_cloud_integrated_storage | 6.7 | ||
| 2019-12-18 | CVE-2019-11105 | Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local access. | Converged_security_management_engine_firmware | 6.7 | ||
| 2020-06-15 | CVE-2020-0533 | Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | Converged_security_management_engine_firmware | 6.7 | ||
| 2020-06-15 | CVE-2020-0542 | Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. | Converged_security_management_engine_firmware | 7.8 | ||
| 2018-07-10 | CVE-2018-3627 | Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access. | Converged_security_management_engine_firmware, Element_software_management_node | 8.2 | ||
| 2019-03-14 | CVE-2018-12191 | Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access. | Converged_security_management_engine_firmware, Server_platform_services_firmware, Trusted_execution_engine_firmware | N/A | ||
| 2019-06-13 | CVE-2018-12147 | Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, IntelĀ® Server Platform Services before version 4.0 and IntelĀ® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access. | Converged_security_management_engine_firmware, Server_platform_services_firmware, Trusted_execution_engine_firmware | 6.7 | ||
| 2020-06-15 | CVE-2020-0545 | Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access. | Converged_security_management_engine_firmware, Server_platform_services, Trusted_execution_engine | N/A |