CVE-2018-3628

EUVD-2018-15482
Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
intelactive_management_technology_firmware
3.0 ≤
𝑥
≤ 11.22.70
intelactive_management_technology_firmware
3.0 ≤
𝑥
≤ 11.22.70
intelactive_management_technology_firmware
3.0 ≤
𝑥
≤ 11.22.70
intelactive_management_technology_firmware
3.0 ≤
𝑥
≤ 11.22.70
intelactive_management_technology_firmware
3.0 ≤
𝑥
≤ 11.22.70
intelactive_management_technology_firmware
3.0 ≤
𝑥
≤ 11.22.70
intelactive_management_technology_firmware
3.0 ≤
𝑥
≤ 11.22.70
intelactive_management_technology_firmware
3.0 ≤
𝑥
≤ 11.22.70
intelactive_management_technology_firmware
3.0 ≤
𝑥
≤ 11.22.70
intelactive_management_technology_firmware
3.0 ≤
𝑥
≤ 11.22.70
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1041362
https://security.netapp.com/advisory/ntap-20190327-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
http://www.securitytracker.com/id/1041362
https://security.netapp.com/advisory/ntap-20190327-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html