CVE-2018-3658

CWE-7723 documents3 sources

Severity

5.3MEDIUM

EPSS

1.1%

top 21.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Active Management Technology Firmware Intel Converged Security Management Engine Firmware Intel Manageability Engine Firmware +12 more

Timeline

PublishedSep 12

Latest updateMay 13

Description

Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages15 packages

▶NVDintel/manageability_engine_firmware9.0.0.0 — 11.0

▶NVDintel/active_management_technology_firmware< 12.0.5

▶NVDintel/converged_security_management_engine_firmware11.0.0 — 12.0.5

▶CVEListV5intel_corporation/intel(r)_active_management_technologyVersions before 12.0.5.

▶NVDsiemens/simatic_pc547g_firmware< r1.23.0

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-4xf8-qhpw-9g4c: Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12↗2022-05-13

▶

CVEList

CVE-2018-3658: Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12↗2018-09-12

▶