CVE-2018-3657

CWE-119 — Buffer Overflow3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.3%

top 50.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Active Management Technology Firmware Intel Converged Security Management Engine Firmware Intel Manageability Engine Firmware +12 more

Timeline

PublishedSep 12

Latest updateMay 13

Description

Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages15 packages

▶NVDintel/manageability_engine_firmware9.0.0.0 — 11.0

▶NVDintel/active_management_technology_firmware< 12.0.5

▶NVDintel/converged_security_management_engine_firmware11.0.0 — 12.0.5

▶CVEListV5intel_corporation/intel(r)_active_management_technologyVersions before version 12.0.5.

▶NVDsiemens/simatic_pc547g_firmware< r1.23.0

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-8rgp-cgf3-c9q6: Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12↗2022-05-13

▶

CVEList

CVE-2018-3657: Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12↗2018-09-12

▶