Sign-up

ID

VAR-201807-1696


CVE

CVE-2018-3632


TITLE

Intel Active Management Technology Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008121

DESCRIPTION

Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be triggered by an attacker with local administrator permission on the system. Intel Active Management Technology Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelConvergedSecurityManageabilityEngine is a security management engine used by Intel (Intel) in the CPU (Central Processing Unit). ActiveManagement Technology (AMT) is one of the active management components. AMT has a privilege elevation vulnerability in IntelConvergedSecurityManageabilityEngine. An attacker could exploit the vulnerability to gain elevated privileges by building malicious code. The following firmware versions are affected: Firmware Version 6.x, Version 7.x, Version 8.x, Version 9.x, Version 10.x, Version 11.0, Version 11.5, Version 11.6, Version 11.7, Version 11.10, Version 11.20

Trust: 2.25

sources: NVD: CVE-2018-3632 // JVNDB: JVNDB-2018-008121 // CNVD: CNVD-2018-15598 // VULHUB: VHN-133663

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-15598

AFFECTED PRODUCTS

vendor:intelmodel:active management technologyscope:eqversion:11.0

Trust: 1.4

vendor:intelmodel:active management technologyscope:eqversion:11.10

Trust: 1.4

vendor:intelmodel:active management technologyscope:eqversion:11.20

Trust: 1.4

vendor:intelmodel:active management technologyscope:eqversion:11.5

Trust: 1.4

vendor:intelmodel:active management technologyscope:eqversion:11.6

Trust: 1.4

vendor:intelmodel:active management technologyscope:eqversion:11.7

Trust: 1.4

vendor:intelmodel:active management technologyscope:lteversion:11.20

Trust: 1.0

vendor:intelmodel:active management technologyscope:gteversion:6.0

Trust: 1.0

vendor:intelmodel:active management technologyscope:eqversion:10.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:6.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:7.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:8.x

Trust: 0.8

vendor:intelmodel:active management technologyscope:eqversion:9.x

Trust: 0.8

vendor:intelmodel:converged security manageability enginescope:eqversion:6.*

Trust: 0.6

vendor:intelmodel:converged security manageability enginescope:eqversion:7.*

Trust: 0.6

vendor:intelmodel:converged security manageability enginescope:eqversion:8.*

Trust: 0.6

vendor:intelmodel:converged security manageability enginescope:eqversion:9.*

Trust: 0.6

vendor:intelmodel:converged security manageability enginescope:eqversion:10.*

Trust: 0.6

vendor:intelmodel:converged security manageability enginescope:eqversion:11.0

Trust: 0.6

vendor:intelmodel:converged security manageability enginescope:eqversion:11.5

Trust: 0.6

vendor:intelmodel:converged security manageability enginescope:eqversion:11.6

Trust: 0.6

vendor:intelmodel:converged security manageability enginescope:eqversion:11.7

Trust: 0.6

vendor:intelmodel:converged security manageability enginescope:eqversion:11.10

Trust: 0.6

vendor:intelmodel:converged security manageability enginescope:eqversion:11.20

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:10.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:8.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:9.0

Trust: 0.6

vendor:intelmodel:active management technologyscope:eqversion:7.0

Trust: 0.6

sources: CNVD: CNVD-2018-15598 // JVNDB: JVNDB-2018-008121 // CNNVD: CNNVD-201807-893 // NVD: CVE-2018-3632

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3632
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3632
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-15598
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201807-893
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133663
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-3632
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-15598
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-133663
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3632
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-3632
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-15598 // VULHUB: VHN-133663 // JVNDB: JVNDB-2018-008121 // CNNVD: CNNVD-201807-893 // NVD: CVE-2018-3632

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-133663 // JVNDB: JVNDB-2018-008121 // NVD: CVE-2018-3632

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-893

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201807-893

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008121

PATCH
title:INTEL-SA-00112url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
Trust: 0.8
title:Patch for Intel ConvergedSecurityManageabilityEngineActiveManagementTechnology Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/137785
Trust: 0.6
title:Intel Converged Security Manageability Engine Active Management Technology Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81955
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-15598 // 
            
            
            
            JVNDB: JVNDB-2018-008121 // 
            
            
            
            CNNVD: CNNVD-201807-893

EXTERNAL IDS
db:NVDid:CVE-2018-3632
Trust: 3.1
db:SECTRACKid:1041362
Trust: 1.7
db:JVNDBid:JVNDB-2018-008121
Trust: 0.8
db:CNNVDid:CNNVD-201807-893
Trust: 0.7
db:CNVDid:CNVD-2018-15598
Trust: 0.6
db:VULHUBid:VHN-133663
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-15598 // 
            
            
            
            VULHUB: VHN-133663 // 
            
            
            
            JVNDB: JVNDB-2018-008121 // 
            
            
            
            CNNVD: CNNVD-201807-893 // 
            
            
            
            NVD: CVE-2018-3632

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
Trust: 2.3
url:https://security.netapp.com/advisory/ntap-20190327-0001/
Trust: 1.7
url:http://www.securitytracker.com/id/1041362
Trust: 1.7
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03868en_us
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3632
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3632
Trust: 0.8
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03868en_us
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-15598 // 
            
            
            
            VULHUB: VHN-133663 // 
            
            
            
            JVNDB: JVNDB-2018-008121 // 
            
            
            
            CNNVD: CNNVD-201807-893 // 
            
            
            
            NVD: CVE-2018-3632

SOURCES
db:CNVDid:CNVD-2018-15598
db:VULHUBid:VHN-133663
db:JVNDBid:JVNDB-2018-008121
db:CNNVDid:CNNVD-201807-893
db:NVDid:CVE-2018-3632

LAST UPDATE DATE
2024-11-23T21:38:43.845000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-15598date:2018-08-17T00:00:00
db:VULHUBid:VHN-133663date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-008121date:2018-10-09T00:00:00
db:CNNVDid:CNNVD-201807-893date:2020-10-22T00:00:00
db:NVDid:CVE-2018-3632date:2024-11-21T04:05:48.263

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-15598date:2018-08-17T00:00:00
db:VULHUBid:VHN-133663date:2018-07-10T00:00:00
db:JVNDBid:JVNDB-2018-008121date:2018-10-09T00:00:00
db:CNNVDid:CNNVD-201807-893date:2018-07-10T00:00:00
db:NVDid:CVE-2018-3632date:2018-07-10T21:29:00.937