Sign-up

ID

VAR-201807-1695


CVE

CVE-2018-3629


TITLE

Intel Active Management Technology Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008120

DESCRIPTION

Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet. Intel Active Management Technology Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Converged Security Manageability Engine is a security management engine used in CPU (Central Processing Unit) by Intel Corporation. Active Management Technology (AMT) is one of the active management components. An attacker can exploit this vulnerability by constructing malicious code to cause a denial of service. The following firmware versions are affected: Firmware Version 3.x, Version 4.x, Version 5.x, Version 6.x, Version 7.x, Version 8.x, Version 9.x, Version 10.x, Version 11.x Version

Trust: 1.71

sources: NVD: CVE-2018-3629 // JVNDB: JVNDB-2018-008120 // VULHUB: VHN-133660

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:lteversion:11.22.70

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:eqversion:10.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:11.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:3.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:4.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:5.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:6.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:7.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:8.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:9.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:5.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:11.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:3.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:10.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:8.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:7.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:6.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:4.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:9.0

Trust: 0.6

sources: JVNDB: JVNDB-2018-008120 // CNNVD: CNNVD-201807-894 // NVD: CVE-2018-3629

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3629
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3629
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201807-894
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133660
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-3629
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133660
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3629
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-3629
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-133660 // JVNDB: JVNDB-2018-008120 // CNNVD: CNNVD-201807-894 // NVD: CVE-2018-3629

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-133660 // JVNDB: JVNDB-2018-008120 // NVD: CVE-2018-3629

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201807-894

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201807-894

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008120

PATCH
title:INTEL-SA-00112url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
Trust: 0.8
title:Intel Converged Security Manageability Engine Active Management Technology Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81956
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008120 // 
            
            
            
            CNNVD: CNNVD-201807-894

EXTERNAL IDS
db:NVDid:CVE-2018-3629
Trust: 2.5
db:SECTRACKid:1041362
Trust: 1.7
db:JVNDBid:JVNDB-2018-008120
Trust: 0.8
db:CNNVDid:CNNVD-201807-894
Trust: 0.7
db:VULHUBid:VHN-133660
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133660 // 
            
            
            
            JVNDB: JVNDB-2018-008120 // 
            
            
            
            CNNVD: CNNVD-201807-894 // 
            
            
            
            NVD: CVE-2018-3629

REFERENCES
url:https://security.netapp.com/advisory/ntap-20190327-0001/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
Trust: 1.7
url:http://www.securitytracker.com/id/1041362
Trust: 1.7
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03868en_us
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3629
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3629
Trust: 0.8
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03868en_us
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133660 // 
            
            
            
            JVNDB: JVNDB-2018-008120 // 
            
            
            
            CNNVD: CNNVD-201807-894 // 
            
            
            
            NVD: CVE-2018-3629

SOURCES
db:VULHUBid:VHN-133660
db:JVNDBid:JVNDB-2018-008120
db:CNNVDid:CNNVD-201807-894
db:NVDid:CVE-2018-3629

LAST UPDATE DATE
2024-11-23T21:38:43.814000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133660date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-008120date:2018-10-09T00:00:00
db:CNNVDid:CNNVD-201807-894date:2020-08-25T00:00:00
db:NVDid:CVE-2018-3629date:2024-11-21T04:05:48.037

SOURCES RELEASE DATE
db:VULHUBid:VHN-133660date:2018-07-10T00:00:00
db:JVNDBid:JVNDB-2018-008120date:2018-10-09T00:00:00
db:CNNVDid:CNNVD-201807-894date:2018-07-10T00:00:00
db:NVDid:CVE-2018-3629date:2018-07-10T21:29:00.887