Intel Converged Security Management Engine Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Intel Converged Security Management Engine Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (44)
CVE-2019-0153 — CVSS 9.8 (critical): Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of…
CVE-2019-0169 — CVSS 8.8 (high): Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and…
CVE-2022-36392 — CVSS 8.6 (high): Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94…
CVE-2018-3643 — CVSS 8.2 (high): A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME)…
CVE-2018-3627 — CVSS 8.2 (high): Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access.
CVE-2019-11147 — CVSS 7.8 (high): Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70…
CVE-2019-11104 — CVSS 7.8 (high): Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and…
CVE-2019-11103 — CVSS 7.8 (high): Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an…
CVE-2020-0542 — CVSS 7.8 (high): Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an…
CVE-2019-0086 — CVSS 7.8 (high): Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65…
CVE-2018-12191 — CVSS 7.6 (high): Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services…
CVE-2018-12208 — CVSS 7.6 (high): Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before…
CVE-2020-0534 — CVSS 7.5 (high): Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an…
CVE-2020-0536 — CVSS 7.5 (high): Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and…
CVE-2018-3655 — CVSS 7.3 (high): A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted…
CVE-2022-38102 — CVSS 7.2 (high): Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may…
CVE-2018-12192 — CVSS 6.8 (medium): Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services…
CVE-2018-3659 — CVSS 6.8 (medium): A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an…
CVE-2018-12185 — CVSS 6.8 (medium): Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an…
CVE-2019-0098 — CVSS 6.8 (medium): Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an…
CVE-2020-0541 — CVSS 6.7 (medium): Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to…
CVE-2018-12190 — CVSS 6.7 (medium): Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE before…
CVE-2018-12196 — CVSS 6.7 (medium): Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged…
CVE-2018-3657 — CVSS 6.7 (medium): Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially…
CVE-2019-0170 — CVSS 6.7 (medium): Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of…
CVE-2019-11087 — CVSS 6.7 (medium): Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10…
CVE-2019-11105 — CVSS 6.7 (medium): Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable…
CVE-2019-11106 — CVSS 6.7 (medium): Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE…
CVE-2019-11108 — CVSS 6.7 (medium): Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially…
CVE-2019-11110 — CVSS 6.7 (medium): Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10…
CVE-2019-14598 — CVSS 6.7 (medium): Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20…
CVE-2020-0533 — CVSS 6.7 (medium): Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable…
CVE-2018-12147 — CVSS 6.7 (medium): Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version…
CVE-2022-29871 — CVSS 6.7 (medium): Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially…
CVE-2018-12199 — CVSS 6.2 (medium): Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60…
CVE-2018-3616 — CVSS 5.9 (medium): Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an…
CVE-2020-0539 — CVSS 5.5 (medium): Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32…
CVE-2018-3658 — CVSS 5.3 (medium): Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT…
CVE-2018-12188 — CVSS 4.6 (medium): Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or…
CVE-2019-0168 — CVSS 4.4 (medium): Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions…
CVE-2018-12189 — CVSS 4.4 (medium): Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE…
CVE-2019-11101 — CVSS 4.4 (medium): Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10…
CVE-2019-0165 — CVSS 4.4 (medium): Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to…
CVE-2020-0545 — CVSS 4.4 (medium): Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25…