What is CVE-2018-12185?

CVE-2018-12185 is a medium-severity vulnerability in Intel Converged_security_management_engine_firmware, classified under Improper Input Validation. CVSS score: 6.8/10. Published 2019-03-14.

How severe is CVE-2018-12185?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Improper input validation in Intel Converged_security_management_engine_firmware

CVE-2018-12185

Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (31.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Intel Converged_security_management_engine_firmware
Intel Corporation Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Active Management Technology — versions Multiple versions.

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

secure@intel.com (x_refsource_CONFIRM, Vendor Advisory)
secure@intel.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-12185?: CVE-2018-12185 is a medium-severity vulnerability in Intel Converged_security_management_engine_firmware, classified under Improper Input Validation. CVSS score: 6.8/10. Published 2019-03-14.
How severe is CVE-2018-12185?: Medium severity. CVSS v3 base score is 6.8 out of 10.