What is CVE-2018-3632?

CVE-2018-3632 is a medium-severity vulnerability in Intel Active_management_technology_firmware, classified under Out-of-bounds Write. CVSS score: 6.7/10. Published 2018-07-10.

How severe is CVE-2018-3632?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Buffer overflow in Intel Active_management_technology_firmware

CVE-2018-3632

Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be triggered by an attacker with local adminis…

Vulnerability class: Buffer Overflow

EPSS: 0.004 (30.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Intel Active_management_technology_firmware
Intel Core_2_duo — versions e4300, e4400, e4500
Intel Core_2_extreme — versions qx6700, qx6800, qx6850
Intel Core_2_quad — versions q6600, q6700, q8200
Intel Core_2_solo — versions su3500, u2100, u2200
Intel Core_duo — versions l2300, l2400, l2500
Intel Core_i3 — versions 4000m, 4005u, 4010u
Intel Core_i5 — versions 4200h, 4200m, 4200u
Intel Core_i7 — versions 4500u, 4510u, 4550u
Intel Core_i9 — versions 8950hk

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

secure@intel.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
secure@intel.com (x_refsource_CONFIRM, Vendor Advisory)
secure@intel.com (x_refsource_CONFIRM, Third Party Advisory)
secure@intel.com (x_refsource_CONFIRM, Third Party Advisory)

Frequently asked questions

What is CVE-2018-3632?: CVE-2018-3632 is a medium-severity vulnerability in Intel Active_management_technology_firmware, classified under Out-of-bounds Write. CVSS score: 6.7/10. Published 2018-07-10.
How severe is CVE-2018-3632?: Medium severity. CVSS v3 base score is 6.7 out of 10.