cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-38102,https://securityvulnerability.io/vulnerability/CVE-2022-38102,Improper Input Validation in Intel Converged Security and Management Engine Affects User Access,"A flaw in the firmware of Intel Converged Security and Management Engine allows improperly validated inputs, enabling a privileged user to potentially induce a denial of service scenario through local access. This could result in operational disruptions if exploited, impacting system integrity and availability.",Intel,Intel(r) Converged Security And Management Engine,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-08-11T02:36:56.232Z,0
CVE-2021-33087,https://securityvulnerability.io/vulnerability/CVE-2021-33087,Improper Authentication in Intel NUC M15 Laptop Kit Management Engine Driver Pack,"The installer for the Intel NUC M15 Laptop Kit Management Engine Driver Pack prior to version 15.0.10.1508 contains a flaw that may allow an authenticated user to exploit local access, potentially leading to a denial of service condition. This issue underscores the importance of securing installation processes and highlights the need for timely updates to mitigate such risks.",Intel,Intel(r) Nuc M15 Laptop Kit Management Engine Driver Pack,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-11-17T18:53:57.000Z,0
CVE-2019-11097,https://securityvulnerability.io/vulnerability/CVE-2019-11097,Improper Directory Permissions in Intel Management Engine Driver,"The vulnerability involves improper directory permissions in the installer for Intel Management Engine Consumer Driver and TXE, potentially allowing an authenticated user to escalate privileges through local access. This can lead to unauthorized access and manipulation of system functionalities. Users are encouraged to update to the latest versions to mitigate potential risks.",Intel,Intel(r) Management Engine,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-12-18T21:08:22.000Z,0
CVE-2019-0091,https://securityvulnerability.io/vulnerability/CVE-2019-0091,Code Injection Vulnerability in Intel CSME and TXE Products,"A code injection vulnerability exists in the installer for Intel CSME and Intel TXE, which may enable an unprivileged user to escalate their privileges through local access. Affected versions include CSME versions earlier than 11.8.65, 11.11.65, 11.22.65, and 12.0.35, as well as TXE versions prior to 3.1.65 and 4.0.15. Users are advised to update to the latest versions to mitigate this risk.",Intel,"Intel(r) Converged Security & Management Engine (csme), Intel (r) Trusted Execution Engine Interface (txe)",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-05-17T15:41:38.000Z,0
CVE-2019-0093,https://securityvulnerability.io/vulnerability/CVE-2019-0093,Insufficient Data Sanitization Vulnerability in Intel CSME and SPS Systems,"A significant vulnerability in the Intel HECI subsystem affects the CSME and SPS products, due to insufficient data sanitization. This flaw allows a privileged user to potentially disclose sensitive information through local access. Users operating under these affected versions are urged to evaluate their systems and apply necessary updates to safeguard against potential exploits.",Intel,"Intel(r) Converged Security & Management Engine (csme), Intel(r) Server Platform Services (sps)",4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-05-17T15:41:38.000Z,0
CVE-2019-0090,https://securityvulnerability.io/vulnerability/CVE-2019-0090,Insufficient Access Control in Intel(R) CSME and Server Platform Services,"An insufficient access control vulnerability exists in the Intel(R) CSME, TXE, and Server Platform Services prior to specific versions. This flaw could allow an unauthenticated user with physical access to exploit the vulnerability and potentially escalate privileges, posing significant security risks to affected systems.",Intel,"Intel(r) Converged Security & Management Engine (csme), Intel(r) Server Platform Services (sps)",7.1,HIGH,0.0007699999841861427,false,,false,false,false,,,false,false,,2019-05-17T15:41:38.000Z,0
CVE-2019-0086,https://securityvulnerability.io/vulnerability/CVE-2019-0086,Insufficient Access Control in Intel Dynamic Application Loader Software,"An insufficient access control vulnerability exists in the Dynamic Application Loader for Intel software. Unprivileged users may exploit this vulnerability to escalate their privileges through local access, potentially compromising system integrity. The affected versions include Intel CSME prior to 11.8.65 and certain releases thereafter, as well as specific versions of Intel TXE.",Intel,"Intel(r) Converged Security & Management Engine (csme) Dynamic Application Loader, Intel (r) Trusted Execution Engine Interface (txe)",7.8,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2019-05-17T15:41:38.000Z,0
CVE-2019-0098,https://securityvulnerability.io/vulnerability/CVE-2019-0098,Logic Bug Vulnerability in Intel CSME and TXE Products,"A logic bug has been identified in the Intel CSME before version 12.0.35 and Intel TXE before versions 3.1.65 and 4.0.15. This vulnerability allows an unauthenticated user with physical access to potentially escalate privileges, posing a significant security threat. Organizations using affected products should consider mitigations and updates to safeguard their systems from unauthorized access.",Intel,"Intel(r) Converged Security & Management Engine (csme), Intel (r) Trusted Execution Engine Interface (txe)",6.8,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2019-05-17T15:41:38.000Z,0
CVE-2019-0153,https://securityvulnerability.io/vulnerability/CVE-2019-0153,Buffer Overflow Vulnerability in Intel CSME Products,"A buffer overflow vulnerability exists within the Intel CSME subsystem, present in versions 12.0.0 through 12.0.34. This flaw may allow an unauthenticated user to exploit the vulnerability remotely, potentially leading to privilege escalation. It is crucial for users of affected products to apply the recommended updates to mitigate associated risks.",Intel,Intel(r) Converged Security & Management Engine (csme),9.8,CRITICAL,0.0024399999529123306,false,,false,false,false,,,false,false,,2019-05-17T15:41:38.000Z,0
CVE-2018-12189,https://securityvulnerability.io/vulnerability/CVE-2018-12189,Unhandled Exception in Intel CSME and TXE Security Subsystems,"An unhandled exception in the Content Protection subsystem of Intel CSME and TXE software can grant a privileged user the capability to modify critical data through local access. This issue affects multiple versions, making it essential for users and administrators to apply the necessary updates to safeguard systems against potential misuse.",Intel,"Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology",4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-03-14T20:29:00.000Z,0
CVE-2018-12192,https://securityvulnerability.io/vulnerability/CVE-2018-12192,Logic Bug in Intel CSME and Server Platform Services Leading to MEBx Authentication Bypass,"A logic bug was identified in the Kernel subsystem of Intel CSME and Intel Server Platform Services that may allow an unauthenticated user to bypass MEBx authentication. This vulnerability requires physical access to exploit, making it imperative for organizations to implement physical security measures. Affected versions include Intel CSME versions prior to 11.8.60, 11.11.60, 11.22.60, and 12.0.20, as well as Intel Server Platform Services versions prior to SPS_E5_04.00.04.393.0. Organizations are advised to apply the necessary updates to protect their infrastructure from potential exploitation.",Intel,"Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology",6.8,MEDIUM,0.0012600000482052565,false,,false,false,false,,,false,false,,2019-03-14T20:29:00.000Z,0
CVE-2018-12196,https://securityvulnerability.io/vulnerability/CVE-2018-12196,Insufficient Input Validation in Intel AMT Affects Intel CSME Products,"A vulnerability in Intel AMT exists due to insufficient input validation in Intel CSME, prior to specific versions. This flaw may enable a privileged user to execute arbitrary code with local access, posing a significant risk. It is crucial for users to ensure their systems are updated to the latest firmware versions provided in security advisories to mitigate possible exploitation.",Intel,"Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology",6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-03-14T20:29:00.000Z,0
CVE-2018-12198,https://securityvulnerability.io/vulnerability/CVE-2018-12198,Input Validation Flaw in Intel Server Platform Services by Intel,"An input validation vulnerability exists within the Intel Server Platform Services HECI subsystem that affects versions prior to SPS_E5_04.00.04.393.0. This flaw allows a privileged local user to manipulate system inputs, potentially leading to a denial of service condition.",Intel,"Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology",6,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2019-03-14T20:29:00.000Z,0
CVE-2018-12190,https://securityvulnerability.io/vulnerability/CVE-2018-12190,Insufficient Input Validation in Intel CSME and TXE Subsystems,"The vulnerability stems from insufficient input validation in the Intel CSME and TXE subsystems, potentially allowing a privileged user to escalate their privileges through local access. This could lead to unauthorized access and manipulation of system controls, posing a risk to the integrity of the device. Users and organizations using affected versions should prioritize updating their systems to mitigate this risk.",Intel,"Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology",6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-03-14T20:29:00.000Z,0
CVE-2018-12185,https://securityvulnerability.io/vulnerability/CVE-2018-12185,Insufficient Input Validation in Intel AMT Affects Intel CSME Products,"Insufficient input validation within Intel's Active Management Technology (AMT) in versions of Intel CSME before 11.8.60, 11.11.60, 11.22.60, or 12.0.20 presents a risk. An unauthenticated user with physical access could exploit this flaw to execute arbitrary code on affected systems, highlighting the importance of prompt updates to safeguard against potential compromises.",Intel,"Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology",6.8,MEDIUM,0.0009899999713525176,false,,false,false,false,,,false,false,,2019-03-14T20:29:00.000Z,0
CVE-2018-12208,https://securityvulnerability.io/vulnerability/CVE-2018-12208,Buffer Overflow Vulnerability in Intel CSME and TXE Products,"The vulnerability involves a buffer overflow in the HECI subsystem of Intel's CSME, allowing an unauthenticated user with physical access to potentially execute arbitrary code. This issue affects multiple versions of Intel CSME, TXE, and Server Platform Services, making it crucial for users to update to the latest versions to mitigate this risk. For detailed information and updates, refer to Intel's security advisory and other resources provided.",Intel,"Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology",7.6,HIGH,0.003539999946951866,false,,false,false,false,,,false,false,,2019-03-14T20:29:00.000Z,0
CVE-2018-12191,https://securityvulnerability.io/vulnerability/CVE-2018-12191,Code Execution Vulnerability in Intel CSME and Server Platform Services,"A vulnerability exists in the Kernel subsystem of Intel CSME and Intel Server Platform Services that could allow an unauthenticated user to execute arbitrary code with physical access. This flaw affects multiple versions of Intel CSME, Server Platform Services, and Intel TXE, potentially enabling attackers to compromise the system integrity and gain unauthorized control.",Intel,"Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology",7.6,HIGH,0.003539999946951866,false,,false,false,false,,,false,false,,2019-03-14T20:29:00.000Z,0
CVE-2018-12200,https://securityvulnerability.io/vulnerability/CVE-2018-12200,Insufficient Access Control in Intel Capability Licensing Service,"Insufficient access control in Intel Capability Licensing Service versions prior to 1.50.638.1 allows an unprivileged user to potentially escalate privileges through local access. This vulnerability can be exploited by users with local access to the system, thereby posing a risk to the security and integrity of the affected environments. It is crucial for users and administrators to ensure they are running the latest version of the software to mitigate potential threats. Further information can be found on the official Intel advisory and associated security bulletins.",Intel,"Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology",6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-03-14T20:29:00.000Z,0
CVE-2018-12199,https://securityvulnerability.io/vulnerability/CVE-2018-12199,Buffer Overflow Vulnerability in Intel CSME and TXE Components,"The buffer overflow vulnerability in Intel's CSME (Converged Security Management Engine) and TXE (Trusted Execution Engine) allows a privileged user with physical access to potentially execute arbitrary code. This flaw affects specific versions of these components, highlighting the necessity for organizations to maintain updated systems to mitigate risks associated with unauthorized access and potential exploitation.",Intel,"Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology",6.2,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2019-03-14T20:29:00.000Z,0
CVE-2018-12187,https://securityvulnerability.io/vulnerability/CVE-2018-12187,Insufficient Input Validation in Intel Active Management Technology,"A vulnerability exists in Intel Active Management Technology due to insufficient input validation in versions prior to 11.8.60, 11.11.60, 11.22.60, and 12.0.20. This weakness can be exploited by an unauthenticated attacker, potentially leading to a denial-of-service condition via network access. Organizations using affected versions of Intel AMT should prioritize applying available updates to mitigate this risk.",Intel,"Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology",7.5,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2019-03-14T20:29:00.000Z,0
CVE-2018-12188,https://securityvulnerability.io/vulnerability/CVE-2018-12188,Insufficient Input Validation in Intel's CSME and TXE Products,"Insufficient input validation in Intel CSME and TXE products could allow an unauthenticated user with physical access to manipulate critical data, posing a significant security risk. This vulnerability affects multiple versions of these products, highlighting the need for prompt updates to mitigate such threats. Users should take immediate action to secure their environments by upgrading to the latest versions as outlined in Intel's security advisories.",Intel,"Intel(r) Csme, Server Platform Services, Trusted Execution Engine And Intel(r) Active Management Technology",4.6,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2019-03-14T20:29:00.000Z,0
CVE-2018-3643,https://securityvulnerability.io/vulnerability/CVE-2018-3643,,"A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.",Intel,Intel(r) Converged Security And Management Engine (csme) And Intel(r) Server Platform Services Firmware,8.2,HIGH,0.0007699999841861427,false,,false,false,false,,,false,false,,2018-09-12T19:29:00.000Z,0