VYPR

CSME

by Intel

CVEs (55)

  • CVE-2020-8705MedNov 12, 2020
    risk 0.44cvss 6.8epss 0.01

    Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400,…

  • CVE-2020-0541MedJun 15, 2020
    risk 0.44cvss 6.7epss 0.00

    Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2020-0533MedJun 15, 2020
    risk 0.44cvss 6.7epss 0.00

    Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

  • CVE-2019-14598MedFeb 13, 2020
    risk 0.44cvss 6.7epss 0.00

    Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information…

  • CVE-2019-11110MedDec 18, 2019
    risk 0.44cvss 6.7epss 0.00

    Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-11108MedDec 18, 2019
    risk 0.44cvss 6.7epss 0.00

    Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-11106MedDec 18, 2019
    risk 0.44cvss 6.7epss 0.00

    Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2019-11105MedDec 18, 2019
    risk 0.44cvss 6.7epss 0.00

    Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local access.

  • CVE-2019-11087MedDec 18, 2019
    risk 0.44cvss 6.7epss 0.00

    Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information…

  • CVE-2018-12147MedJun 13, 2019
    risk 0.44cvss 6.7epss 0.00

    Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of…

  • CVE-2019-0098MedMay 17, 2019
    risk 0.44cvss 6.8epss 0.00

    Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

  • CVE-2018-12196MedMar 14, 2019
    risk 0.44cvss 6.7epss 0.00

    Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access.

  • CVE-2018-12192MedMar 14, 2019
    risk 0.44cvss 6.8epss 0.00

    Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.

  • CVE-2018-12190MedMar 14, 2019
    risk 0.44cvss 6.7epss 0.00

    Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2018-12185MedMar 14, 2019
    risk 0.44cvss 6.8epss 0.00

    Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

  • CVE-2018-3657MedSep 12, 2018
    risk 0.44cvss 6.7epss 0.01

    Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.

  • CVE-2020-8755MedNov 12, 2020
    risk 0.42cvss 6.4epss 0.00

    Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

  • CVE-2018-12199MedMar 14, 2019
    risk 0.40cvss 6.2epss 0.00

    Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access.

  • CVE-2025-20067MedAug 12, 2025
    risk 0.39cvss 6.0epss 0.00

    Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2023-40067MedAug 14, 2024
    risk 0.37cvss 5.7epss 0.00

    Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.