CVE-2018-3643
Description
A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local administrative users can exploit a vulnerability in Intel CSME or SPS firmware to uncover platform secrets or execute arbitrary code.
Vulnerability
A vulnerability exists in the Power Management Controller firmware within systems using specific Intel Converged Security and Management Engine (CSME) versions prior to 11.8.55, 11.11.55, 11.21.55, 12.0.6, or Intel Server Platform Services (SPS) firmware versions prior to 4.x.04. The issue allows an attacker with administrative privileges to potentially uncover certain platform secrets or execute arbitrary code via local access [1].
Exploitation
An attacker must already have administrative privileges on the target system and local access to the machine. The exploitation does not require user interaction beyond the attacker's own actions. The attack vector is local, meaning the adversary must be able to interact physically or through a local terminal with the system software [1].
Impact
Successful exploitation could lead to disclosure of platform secrets (confidentiality breach) or arbitrary code execution (integrity and availability impact). The attacker could gain further control over the platform beyond their administrative privileges, potentially affecting the security of the entire system [1].
Mitigation
Intel has released firmware updates: Intel CSME versions 11.8.55, 11.11.55, 11.21.55, 12.0.6, and Intel SPS version 4.x.04 or later. System administrators should apply these updates from the respective system vendor. No workarounds are mentioned in the advisory [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 4.x.04
- Range: < 11.8.55, < 11.11.55, < 11.21.55, < 12.0.6
- Intel Corporation/Intel(R) Converged Security and Management Engine (CSME) and Intel(R) Server Platform Services firmware (v5). Range: CSME versions before 12.0.6 or Server Platform Services firmware before version 4.x.04.
References
- security.netapp.com/advisory/ntap-20180924-0002/ (mitre, x_refsource_CONFIRM)
- support.hpe.com/hpsc/doc/public/display (mitre, x_refsource_CONFIRM)
- www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html (mitre, x_refsource_CONFIRM)