Buffer Overflow in Intel Active Management Technology Affecting Various Intel Firmware Versions
CVE-2018-3628

8.8HIGH

Key Information:

Vendor

Intel
Status
Intel Active Management Technology
Vendor
CVE Published:
10 July 2018

What is CVE-2018-3628?

A buffer overflow vulnerability exists in the HTTP handler of Intel's Active Management Technology, which affects a range of firmware versions. If exploited, this vulnerability could allow an attacker on the same subnet to execute arbitrary code, potentially compromising system integrity and security. It is crucial for affected users to apply security updates and measures to mitigate risks associated with this vulnerability.

Affected Version(s)

Intel Active Management Technology 3.x,4.x,5.x,6.x,7.x,8.x,9.x,10.x,11.x

References

http://www.securitytracker.com/id/1041362
vdb-entryx_refsource_SECTRACK
https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.