VYPR

CSME

by Intel

CVEs (55)

  • CVE-2020-0539MedJun 15, 2020
    risk 0.36cvss 5.5epss 0.00

    Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.

  • CVE-2020-8761MedNov 12, 2020
    risk 0.30cvss 4.6epss 0.00

    Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access.

  • CVE-2020-8751MedNov 12, 2020
    risk 0.30cvss 4.6epss 0.00

    Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.

  • CVE-2018-12188MedMar 14, 2019
    risk 0.30cvss 4.6epss 0.00

    Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access.

  • CVE-2023-34424MedAug 14, 2024
    risk 0.29cvss 4.4epss 0.00

    Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2020-24506MedJun 9, 2021
    risk 0.29cvss 4.4epss 0.00

    Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2020-0545MedJun 15, 2020
    risk 0.29cvss 4.4epss 0.00

    Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0,…

  • CVE-2019-11102MedDec 18, 2019
    risk 0.29cvss 4.4epss 0.00

    Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local…

  • CVE-2019-11101MedDec 18, 2019
    risk 0.29cvss 4.4epss 0.00

    Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0168MedDec 18, 2019
    risk 0.29cvss 4.4epss 0.00

    Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2019-0165MedDec 18, 2019
    risk 0.29cvss 4.4epss 0.00

    Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2019-0093MedMay 17, 2019
    risk 0.29cvss 4.4epss 0.00

    Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access.

  • CVE-2018-12189MedMar 14, 2019
    risk 0.29cvss 4.4epss 0.00

    Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access.

  • CVE-2024-21844MedAug 14, 2024
    risk 0.28cvss 4.3epss 0.00

    Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2023-48361LowAug 14, 2024
    risk 0.15cvss 2.3epss 0.00

    Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access.

Page 3 of 3