CVE-2018-3616

4 documents4 sources

Severity

5.9MEDIUM

EPSS

1.5%

top 19.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Active Management Technology Firmware Intel Converged Security Management Engine Firmware Intel Manageability Engine Firmware +12 more

Timeline

PublishedSep 12

Latest updateMay 13

Description

Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages15 packages

▶NVDintel/active_management_technology_firmware< 12.0.5

▶CVEListV5intel_corporation/intel(r)_active_management_technologyVersions before 12.0.5.

▶NVDintel/converged_security_management_engine_firmware11.0.0 — 12.0.5

▶NVDintel/manageability_engine_firmware9.0.0.0 — 11.0

▶NVDsiemens/simatic_pc547g_firmware< r1.23.0

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-7gp5-m68f-f3xp: Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12↗2022-05-13

▶

OSV

libjpeg9 vulnerabilities↗2022-03-23

▶

CVEList

CVE-2018-3616: Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12↗2018-09-12

▶