VYPR

Converged Security and Management Engine (CSME) Firmware

by Intel

CVEs (6)

  • CVE-2018-3643HigSep 12, 2018
    risk 0.53cvss 8.2epss 0.01

    A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker…

  • CVE-2025-20037HigAug 12, 2025
    risk 0.47cvss 7.2epss 0.00

    Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2018-3659MedSep 12, 2018
    risk 0.44cvss 6.8epss 0.00

    A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.

  • CVE-2025-27708MedFeb 10, 2026
    risk 0.27cvss 4.1epss 0.00

    Out-of-bounds read in the firmware for some Intel(R) Converged Security and Management Engine (CSME) Firmware (FW) within Ring 0: Kernel may allow an information disclosure. System software adversary with a privileged user combined with a low complexity attack may enable data…

  • CVE-2022-38102Aug 11, 2023
    risk 0.00cvss epss 0.00

    Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2020-24507Jun 9, 2021
    risk 0.00cvss epss 0.00

    Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access.