Vulnerability in Intel Converged_security_management_engine_firmware
CVE-2018-3627
Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access.
EPSS: 0.005 (40.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Intel Converged_security_management_engine_firmware — versions 11.0
- Intel Core_i3 — versions 6006u, 6098p, 6100
- Intel Core_i5 — versions 7y54, 7y57, 6200u
- Intel Core_i7 — versions 7y75, 6500u, 6560u
- Intel Core_i9 — versions 8950hk
- Intel Xeon_e3_1220_v5
- Intel Xeon_e3_1220_v6
- Intel Xeon_e3_1225_v5
- Intel Xeon_e3_1225_v6
- Intel Xeon_e3_1230_v5
References
- secure@intel.com (x_refsource_CONFIRM, Vendor Advisory)
- secure@intel.com (x_refsource_CONFIRM, Third Party Advisory)
Frequently asked questions
- What is CVE-2018-3627?
- CVE-2018-3627 is a high-severity vulnerability in Intel Converged_security_management_engine_firmware. CVSS score: 8.2/10. Published 2018-07-10.
- How severe is CVE-2018-3627?
- High severity. CVSS v3 base score is 8.2 out of 10.