Sign-up

ID

VAR-201807-1694


CVE

CVE-2018-3628


TITLE

Intel Active Management Technology Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008119

DESCRIPTION

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet. Intel Active Management Technology Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelConvergedSecurityManageabilityEngine is a security management engine used by Intel (Intel) in the CPU (Central Processing Unit). ActiveManagement Technology (AMT) is one of the active management components. A buffer overflow vulnerability exists in the AMT HTTP handler in IntelConvergedSecurityManageabilityEngine. An attacker could exploit the vulnerability to construct arbitrary code by constructing a malicious HTTP request. The following firmware versions are affected: Firmware Version 3.x, Version 4.x, Version 5.x, Version 6.x, Version 7.x, Version 8.x, Version 9.x, Version 10.x, Version 11.x Version

Trust: 2.25

sources: NVD: CVE-2018-3628 // JVNDB: JVNDB-2018-008119 // CNVD: CNVD-2018-14072 // VULHUB: VHN-133659

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-14072

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:lteversion:11.22.70

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:eqversion:10.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:11.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:3.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:4.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:5.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:6.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:7.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:8.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:9.x

Trust: 0.8

vendor:intelmodel:converged security management enginescope:eqversion:9.*

Trust: 0.6

vendor:intelmodel:converged security management enginescope:eqversion:8.*

Trust: 0.6

vendor:intelmodel:converged security management enginescope:eqversion:7.*

Trust: 0.6

vendor:intelmodel:converged security management enginescope:eqversion:6.*

Trust: 0.6

vendor:intelmodel:converged security management enginescope:eqversion:5.*

Trust: 0.6

vendor:intelmodel:converged security management enginescope:eqversion:4.*

Trust: 0.6

vendor:intelmodel:converged security management enginescope:eqversion:3.*

Trust: 0.6

vendor:intelmodel:converged security management enginescope:eqversion:11.*

Trust: 0.6

vendor:intelmodel:converged security management enginescope:eqversion:10.*

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:5.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:11.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:3.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:10.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:8.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:7.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:6.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:4.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:9.0

Trust: 0.6

sources: CNVD: CNVD-2018-14072 // JVNDB: JVNDB-2018-008119 // CNNVD: CNNVD-201807-895 // NVD: CVE-2018-3628

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3628
value: HIGH

Trust: 1.0

NVD: CVE-2018-3628
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-14072
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-895
value: HIGH

Trust: 0.6

VULHUB: VHN-133659
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-3628
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-14072
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-133659
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3628
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-3628
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-14072 // VULHUB: VHN-133659 // JVNDB: JVNDB-2018-008119 // CNNVD: CNNVD-201807-895 // NVD: CVE-2018-3628

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-133659 // JVNDB: JVNDB-2018-008119 // NVD: CVE-2018-3628

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201807-895

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201807-895

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008119

PATCH
title:INTEL-SA-00112url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
Trust: 0.8
title:Patch for IntelConvergedSecurityManagementEngine Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/135513
Trust: 0.6
title:Intel Converged Security Manageability Engine Active Management Technology Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81957
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-14072 // 
            
            
            
            JVNDB: JVNDB-2018-008119 // 
            
            
            
            CNNVD: CNNVD-201807-895

EXTERNAL IDS
db:NVDid:CVE-2018-3628
Trust: 3.1
db:SECTRACKid:1041362
Trust: 1.7
db:JVNDBid:JVNDB-2018-008119
Trust: 0.8
db:CNNVDid:CNNVD-201807-895
Trust: 0.7
db:CNVDid:CNVD-2018-14072
Trust: 0.6
db:VULHUBid:VHN-133659
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-14072 // 
            
            
            
            VULHUB: VHN-133659 // 
            
            
            
            JVNDB: JVNDB-2018-008119 // 
            
            
            
            CNNVD: CNNVD-201807-895 // 
            
            
            
            NVD: CVE-2018-3628

REFERENCES
url:https://security.netapp.com/advisory/ntap-20190327-0001/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
Trust: 1.7
url:http://www.securitytracker.com/id/1041362
Trust: 1.7
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03868en_us
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-3628
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3628
Trust: 0.8
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03868en_us
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-14072 // 
            
            
            
            VULHUB: VHN-133659 // 
            
            
            
            JVNDB: JVNDB-2018-008119 // 
            
            
            
            CNNVD: CNNVD-201807-895 // 
            
            
            
            NVD: CVE-2018-3628

SOURCES
db:CNVDid:CNVD-2018-14072
db:VULHUBid:VHN-133659
db:JVNDBid:JVNDB-2018-008119
db:CNNVDid:CNNVD-201807-895
db:NVDid:CVE-2018-3628

LAST UPDATE DATE
2024-11-23T21:38:43.881000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-14072date:2018-07-27T00:00:00
db:VULHUBid:VHN-133659date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-008119date:2018-10-09T00:00:00
db:CNNVDid:CNNVD-201807-895date:2020-08-25T00:00:00
db:NVDid:CVE-2018-3628date:2024-11-21T04:05:47.820

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-14072date:2018-07-27T00:00:00
db:VULHUBid:VHN-133659date:2018-07-10T00:00:00
db:JVNDBid:JVNDB-2018-008119date:2018-10-09T00:00:00
db:CNNVDid:CNNVD-201807-895date:2018-07-10T00:00:00
db:NVDid:CVE-2018-3628date:2018-07-10T21:29:00.857