Buffer overflow in Intel Active_management_technology_firmware
CVE-2018-3628
Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same…
Vulnerability class: Buffer Overflow
EPSS: 0.014 (68.6th percentile).
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Intel Active_management_technology_firmware
- Intel Core_2_duo — versions e4300, e4400, e4500
- Intel Core_2_extreme — versions qx6700, qx6800, qx6850
- Intel Core_2_quad — versions q6600, q6700, q8200
- Intel Core_2_solo — versions su3500, u2100, u2200
- Intel Core_duo — versions l2300, l2400, l2500
- Intel Core_i3 — versions 4000m, 4005u, 4010u
- Intel Core_i5 — versions 4200h, 4200m, 4200u
- Intel Core_i7 — versions 4500u, 4510u, 4550u
- Intel Core_i9 — versions 8950hk
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2018-3628?
  - CVE-2018-3628 is a high-severity vulnerability in Intel Active_management_technology_firmware, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 8.8/10. Published 2018-07-10.
- How severe is CVE-2018-3628?
  - High severity. CVSS v3 base score is 8.8 out of 10.