There are dozens of known CSME vulns -- there's a list on cvedetails [0] which itself seems to be missing some (e.g. 2019-0090/2019-0091). Plenty of these could be used by a sophisticated attacker with physical access, and some can even be executed remotely.
Here's an Intel Whitepaper detailing one such vulnerability of moderate severity (CVE-2019-0090, CVSS 4.4) [1]. From the 'Potential Consequences' table:
> Unauthorized BIOS compromises OS loader and OS integrity... All use cases / user secrets protected by Intel TPM are compromised.
Other bits and pieces of firmware including AMT have been similarly plagued with vulns [2], such as CVE-2017-5689, with a CVSS score of 10!
These are often difficult to patch, and even more difficult to convince manufacturers to spend the effort testing and distributing updates for their products. My own laptop is still running a version of CSME vulnerable to many of these attacks.
[0] https://www.cvedetails.com/vulnerability-list/vendor_id-238/...
[1] https://www.intel.com/content/dam/www/public/us/en/security-...
[2] https://www.cvedetails.com/vulnerability-list/vendor_id-238/...