CVE-2018-3659
First published: Wed Sep 12 2018(Updated: )
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Converged Security and Management Engine | <12.0.5 | |
| Intel Trusted Execution Engine | <4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-3659?
CVE-2018-3659 has a severity rating of medium, indicating a potential risk to systems with the affected firmware.
How do I fix CVE-2018-3659?
To mitigate CVE-2018-3659, update the Intel CSME firmware to version 12.0.5 or later, and Intel TXE firmware to version 4.0 or later.
Who is affected by CVE-2018-3659?
CVE-2018-3659 affects systems utilizing Intel Converged Security Management Engine firmware versions before 12.0.5 and Intel Trusted Execution Engine firmware versions before 4.0.
What kind of information can be disclosed due to CVE-2018-3659?
CVE-2018-3659 may allow an unauthenticated user to potentially disclose sensitive information if they have physical access to the affected systems.
Is physical access required to exploit CVE-2018-3659?
Yes, physical access to the device is necessary to exploit the CVE-2018-3659 vulnerability.
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/intel
- canonical/intel converged security and management engine
- canonical/intel trusted execution engine