CVE-2018-3616

EUVD-2018-15470
Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
intelconverged_security_management_engine_firmware
11.0.0 ≤
𝑥
< 12.0.5
intelactive_management_technology_firmware
𝑥
< 12.0.5
intelmanageability_engine_firmware
9.0.0.0 ≤
𝑥
< 11.0
siemenssimatic_field_pg_m5_firmware
𝑥
< 22.01.06
siemenssimatic_ipc427e_firmware
𝑥
< 21.01.09
siemenssimatic_ipc477e_firmware
𝑥
< 21.01.09
siemenssimatic_ipc547e_firmware
𝑥
< r1.30.0
siemenssimatic_pc547g_firmware
𝑥
< r1.23.0
siemenssimatic_ipc627d_firmware
𝑥
< 19.02.11
siemenssimatic_ipc647d_firmware
𝑥
< 19.01.14
siemenssimatic_ipc677d_firmware
𝑥
< 19.02.11
siemenssimatic_ipc827d_firmware
𝑥
< 19.02.11
siemenssimatic_ipc847d_firmware
𝑥
< 19.01.14
siemenssimatic_itp1000_firmware
𝑥
< 23.01.04
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/106996
https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05
https://security.netapp.com/advisory/ntap-20180924-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html
http://www.securityfocus.com/bid/106996
https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05
https://security.netapp.com/advisory/ntap-20180924-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html