Buffer Overflow in Intel Active Management Technology Affects Multiple Firmware Versions
CVE-2018-3629

6.5MEDIUM

Key Information:

Vendor
Intel
Status
Intel Active Management Technology
Vendor
CVE Published:
10 July 2018

Summary

A buffer overflow vulnerability exists in the event handler of Intel Active Management Technology across multiple firmware versions, ranging from 3.x to 11.x. This flaw may allow an attacker within the same subnet to exploit the vulnerability, potentially leading to a denial of service. It highlights the need for organizations to ensure firmware is kept up-to-date and to implement network security measures to mitigate risks from potential attacks.

Affected Version(s)

Intel Active Management Technology 3.x,4.x,5.x,6.x,7.x,8.x,9.x,10.x,11.x

References

http://www.securitytracker.com/id/1041362
vdb-entryx_refsource_SECTRACK
https://www.intel.com/content/www/us/en/security-center/a...
x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.