Side Channel Vulnerability in Intel Active Management Technology
CVE-2018-3616

5.9MEDIUM

Key Information:

Vendor
Intel
Status
Intel(r) Active Management Technology
Vendor
CVE Published:
12 September 2018

Summary

A side channel vulnerability has been identified in the TLS implementation of Intel Active Management Technology prior to version 12.0.5. This vulnerability could allow an unauthorized user to gain access to the TLS session key by exploiting the TLS protocol over the network. This flaw underlines the importance of ensuring software updates to mitigate potential risks associated with unauthorized data access.

Affected Version(s)

Intel(R) Active Management Technology Versions before 12.0.5.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-37731...
x_refsource_CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05
x_refsource_MISC
https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.