Intel Server Platform Services Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Intel Server Platform Services Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2018-3643 — CVSS 8.2 (high): A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME)…
CVE-2017-5709 — CVSS 7.8 (high): Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged…
CVE-2017-5706 — CVSS 7.8 (high): Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to…
CVE-2018-12191 — CVSS 7.6 (high): Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services…
CVE-2018-12208 — CVSS 7.6 (high): Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before…
CVE-2018-3655 — CVSS 7.3 (high): A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted…
CVE-2022-29466 — CVSS 7.3 (high): Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially…
CVE-2019-0099 — CVSS 6.8 (medium): Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated…
CVE-2018-12192 — CVSS 6.8 (medium): Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services…
CVE-2018-12147 — CVSS 6.7 (medium): Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version…
CVE-2018-12198 — CVSS 6.0 (medium): Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS_E5_04.00.04.393.0 may allow privileged…
CVE-2022-29515 — CVSS 6.0 (medium): Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a…
CVE-2019-11090 — CVSS 5.9 (medium): Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10…
CVE-2019-11109 — CVSS 4.4 (medium): Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0…
CVE-2022-26074 — CVSS 4.4 (medium): Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a…