CVE-2018-3655
Description
A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Physical access allows unauthenticated modification or disclosure of information via a vulnerability in Intel CSME, SPS, and TXE subsystems.
Vulnerability
A vulnerability resides in a subsystem of Intel Converged Security and Management Engine (CSME) before version 11.21.55, Intel Server Platform Services (SPS) before version 4.0, and Intel Trusted Execution Engine Firmware (TXE) before version 3.1.55. The flaw can be triggered with physical access to the system, enabling an unauthenticated user to modify or disclose information. The affected versions are those prior to the stated updates [1].
Exploitation
An attacker requires physical access to the targeted device. No authentication or user interaction is necessary beyond physical presence. The exact exploitation steps are not publicly detailed by Intel, but the vulnerability is reachable through the subsystem's interface, which is accessible via hardware connections [1].
Impact
Successful exploitation allows an unauthenticated attacker with physical access to modify or disclose sensitive information. This could include reading or altering firmware data, configuration settings, or secure assets managed by CSME, SPS, or TXE. The compromise occurs at the platform hardware level, potentially affecting system integrity and confidentiality [1].
Mitigation
Intel released firmware updates to address the vulnerability: CSME version 11.21.55, SPS version 4.0, and TXE version 3.1.55. Affected users should apply these updates from their system or motherboard vendor. No workaround is available if the patches cannot be applied; physical security controls can reduce the risk. The vulnerability is not listed on the KEV catalog as of the publication date [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <4.0
- Range: <3.1.55
- Intel Corporation/Intel(R) CSME before version 11.21.55, Intel(R) Server Platform Services before version 4.0 and Intel(R) Trusted Execution Engine Firmware. Range: Versions before 11.21.55, 4.0 and 3.1.55.
Patches
No patches discovered yet.
References
- security.netapp.com/advisory/ntap-20180924-0003/ (mitre, x_refsource_CONFIRM)
- support.hpe.com/hpsc/doc/public/display (mitre, x_refsource_CONFIRM)
- www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html (mitre, x_refsource_CONFIRM)