CVE-2018-12147: Input Validation
First published: Thu Jun 13 2019(Updated: )
Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Converged Security Management Engine Firmware | >=11.0<=11.8.50 | |
| Intel Converged Security Management Engine Firmware | >=11.10<=11.11.50 | |
| Intel Converged Security Management Engine Firmware | >=11.20<=11.21.51 | |
| Intel Server Platform Services Firmware | <4.0 | |
| Intel Trusted Execution Engine Firmware | >=3.0<=3.1.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-12147?
CVE-2018-12147 is a vulnerability related to insufficient input validation in the HECI subsystem in Intel(R) CSME, Intel(R) Server Platform Services, and Intel(R) Trusted Execution Engine Firmware.
What is the severity of CVE-2018-12147?
CVE-2018-12147 has a severity value of 6.7 (high).
Which software versions are affected by CVE-2018-12147?
CVE-2018-12147 affects Intel Converged Security Management Engine Firmware versions 11.0 to 11.8.50, 11.10 to 11.11.50, and 11.20 to 11.21.51, Intel Server Platform Services Firmware up to version 4.0, and Intel Trusted Execution Engine Firmware versions 3.0 to 3.1.50.
How can a privileged user exploit CVE-2018-12147?
A privileged user can potentially enable the escalation of privileges through local access.
Where can I find more information about CVE-2018-12147?
More information about CVE-2018-12147 can be found at the following links: [Intel SA-00125](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html) and [Intel SA-00125 (Keywords: 2018-12147)](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html?wapkw=2018-12147).
- collector/nvd-index
- vendor/intel
- canonical/intel converged security management engine firmware
- version/intel converged security management engine firmware/11.0
- version/intel converged security management engine firmware/11.8.50
- version/intel converged security management engine firmware/11.10
- version/intel converged security management engine firmware/11.11.50
- version/intel converged security management engine firmware/11.20
- version/intel converged security management engine firmware/11.21.51
- canonical/intel server platform services firmware
- canonical/intel trusted execution engine firmware
- version/intel trusted execution engine firmware/3.0
- version/intel trusted execution engine firmware/3.1.50