CVE-2018-3616

Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
intelCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
intelconverged_security_management_engine_firmware
11.0.0 ≤
𝑥
< 12.0.5
intelactive_management_technology_firmware
𝑥
< 12.0.5
intelmanageability_engine_firmware
9.0.0.0 ≤
𝑥
< 11.0
siemenssimatic_field_pg_m5_firmware
𝑥
< 22.01.06
siemenssimatic_ipc427e_firmware
𝑥
< 21.01.09
siemenssimatic_ipc477e_firmware
𝑥
< 21.01.09
siemenssimatic_ipc547e_firmware
𝑥
< r1.30.0
siemenssimatic_pc547g_firmware
𝑥
< r1.23.0
siemenssimatic_ipc627d_firmware
𝑥
< 19.02.11
siemenssimatic_ipc647d_firmware
𝑥
< 19.01.14
siemenssimatic_ipc677d_firmware
𝑥
< 19.02.11
siemenssimatic_ipc827d_firmware
𝑥
< 19.02.11
siemenssimatic_ipc847d_firmware
𝑥
< 19.01.14
siemenssimatic_itp1000_firmware
𝑥
< 23.01.04
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/106996
https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05
https://security.netapp.com/advisory/ntap-20180924-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html
http://www.securityfocus.com/bid/106996
https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05
https://security.netapp.com/advisory/ntap-20180924-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html