cnvd-2020-16623
Vulnerability from cnvd
Title
Intel CSME和Intel TXE PTT模块权限许可和访问控制问题漏洞
Description
Intel CSME和Intel TXE都是美国英特尔(Intel)公司的产品。Intel CSME是一款融合安全管理引擎。Intel TXE是一款使用在CPU(中央处理器)中具有硬件验证功能的信任执行引擎。Intel PTT module是其中的一个可信平台模块。 Intel CSME和Intel TXE PTT模块存在权限许可和访问控制问题漏洞。攻击者可利用该漏洞泄露信息。
Severity
Patch Name
Intel CSME和Intel TXE PTT模块权限许可和访问控制问题漏洞的补丁
Patch Description
Intel CSME和Intel TXE都是美国英特尔(Intel)公司的产品。Intel CSME是一款融合安全管理引擎。Intel TXE是一款使用在CPU(中央处理器)中具有硬件验证功能的信任执行引擎。Intel PTT module是其中的一个可信平台模块。 Intel CSME和Intel TXE PTT模块存在权限许可和访问控制问题漏洞。攻击者可利用该漏洞泄露信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html

Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-3659
Impacted products
Name
['Intel CSME <12.0.5', 'Intel TXE <4.0']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-3659"
    }
  },
  "description": "Intel CSME\u548cIntel TXE\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel CSME\u662f\u4e00\u6b3e\u878d\u5408\u5b89\u5168\u7ba1\u7406\u5f15\u64ce\u3002Intel TXE\u662f\u4e00\u6b3e\u4f7f\u7528\u5728CPU\uff08\u4e2d\u592e\u5904\u7406\u5668\uff09\u4e2d\u5177\u6709\u786c\u4ef6\u9a8c\u8bc1\u529f\u80fd\u7684\u4fe1\u4efb\u6267\u884c\u5f15\u64ce\u3002Intel PTT module\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u53ef\u4fe1\u5e73\u53f0\u6a21\u5757\u3002\n\nIntel CSME\u548cIntel TXE PTT\u6a21\u5757\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-16623",
  "openTime": "2020-03-10",
  "patchDescription": "Intel CSME\u548cIntel TXE\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel CSME\u662f\u4e00\u6b3e\u878d\u5408\u5b89\u5168\u7ba1\u7406\u5f15\u64ce\u3002Intel TXE\u662f\u4e00\u6b3e\u4f7f\u7528\u5728CPU\uff08\u4e2d\u592e\u5904\u7406\u5668\uff09\u4e2d\u5177\u6709\u786c\u4ef6\u9a8c\u8bc1\u529f\u80fd\u7684\u4fe1\u4efb\u6267\u884c\u5f15\u64ce\u3002Intel PTT module\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u53ef\u4fe1\u5e73\u53f0\u6a21\u5757\u3002\r\n\r\nIntel CSME\u548cIntel TXE PTT\u6a21\u5757\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel CSME\u548cIntel TXE PTT\u6a21\u5757\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Intel CSME \u003c12.0.5",
      "Intel TXE \u003c4.0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-3659",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-16",
  "title": "Intel CSME\u548cIntel TXE PTT\u6a21\u5757\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.