CVE-2018-3643

{"id": "CVE-2018-3643", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}]}, "published": "2018-09-12T19:29:02.557", "references": [{"url": "https://security.netapp.com/advisory/ntap-20180924-0002/", "tags": ["Third Party Advisory"], "source": "secure@intel.com"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us", "tags": ["Patch", "Third Party Advisory"], "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code."}, {"lang": "es", "value": "Una vulnerabilidad en el firmware Power Management Controller en sistemas que emplean un CSME (Intel\u00ae Converged Security and Management Engine) espec\u00edfico en versiones anteriores a la 11.8.55, 11.11.55, 11.21.55 y la 12.0.6 o firmware Intel\u00ae Server Platform Services en versiones anteriores a la 4.x.04 podr\u00eda permitir que un atacante con privilegios administrativos descubra ciertos secretos de la plataforma mediante acceso local o que pueda ejecutar c\u00f3digo arbitrario."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F57BC123-252D-44BB-AAF0-E90E1B348ED1", "versionEndExcluding": "12.0.6"}, {"criteria": "cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C326802-35F4-4B91-8BE3-93A3F5C0BC5A", "versionEndExcluding": "4.00.04"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}