CVE-2018-3659

{"id": "CVE-2018-3659", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2018-09-12T19:29:03.107", "references": [{"url": "https://security.netapp.com/advisory/ntap-20180924-0003/", "tags": ["Third Party Advisory"], "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}, {"url": "https://security.netapp.com/advisory/ntap-20180924-0003/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access."}, {"lang": "es", "value": "Una vulnerabilidad en el m\u00f3dulo Intel PTT en el firmware Intel CSME en versiones anteriores a la 12.0.5 y el firmware Intel TXE en versiones anteriores a la 4.0 podr\u00eda permitir que un usuario no autenticado divulgue informaci\u00f3n mediante acceso f\u00edsico."}], "lastModified": "2024-11-21T04:05:51.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA360B3E-90A5-4F3A-A89B-A41BDFEBD4ED", "versionEndExcluding": "12.0.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D002CA65-494F-432A-A653-F6F502F6D6C6", "versionEndExcluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}