National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2018-3628 Detail

Current Description

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.

Source:  MITRE
Description Last Modified:  07/10/2018
View Analysis Description

Impact

CVSS v3.0 Severity and Metrics:

Base Score: 8.8 HIGH
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (V3 legend)
Impact Score: 5.9
Exploitability Score: 2.8


Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

CVSS v2.0 Severity and Metrics:

Base Score: 8.3 HIGH
Vector: (AV:A/AC:L/Au:N/C:C/I:C/A:C) (V2 legend)
Impact Subscore: 10.0
Exploitability Subscore: 6.5


Access Vector (AV): Local_Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Additional Information:
Allows unauthorized disclosure of information
Allows unauthorized modification
Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://www.securitytracker.com/id/1041362 Third Party Advisory VDB Entry
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html Vendor Advisory

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.3

Configuration 1
AND
OR
cpe:/o:intel:active_management_technology_firmware:3.0
cpe:/o:intel:active_management_technology_firmware:4.0
cpe:/o:intel:active_management_technology_firmware:5.0
cpe:/o:intel:active_management_technology_firmware:6.0
cpe:/o:intel:active_management_technology_firmware:7.0
cpe:/o:intel:active_management_technology_firmware:8.0
cpe:/o:intel:active_management_technology_firmware:9.0
cpe:/o:intel:active_management_technology_firmware:10.0
cpe:/o:intel:active_management_technology_firmware:11.0
OR
cpe:/h:intel:core_2_duo:e4300
cpe:/h:intel:core_2_duo:e4400
cpe:/h:intel:core_2_duo:e4500
cpe:/h:intel:core_2_duo:e4600
cpe:/h:intel:core_2_duo:e4700
cpe:/h:intel:core_2_duo:e6300
cpe:/h:intel:core_2_duo:e6320
cpe:/h:intel:core_2_duo:e6400
cpe:/h:intel:core_2_duo:e6420
cpe:/h:intel:core_2_duo:e6540
cpe:/h:intel:core_2_duo:e6550
cpe:/h:intel:core_2_duo:e6600
cpe:/h:intel:core_2_duo:e6700
cpe:/h:intel:core_2_duo:e6750
cpe:/h:intel:core_2_duo:e6850
cpe:/h:intel:core_2_duo:e7200
cpe:/h:intel:core_2_duo:e7300
cpe:/h:intel:core_2_duo:e7400
cpe:/h:intel:core_2_duo:e7500
cpe:/h:intel:core_2_duo:e7600
cpe:/h:intel:core_2_duo:e8190
cpe:/h:intel:core_2_duo:e8200
cpe:/h:intel:core_2_duo:e8300
cpe:/h:intel:core_2_duo:e8400
cpe:/h:intel:core_2_duo:e8500
cpe:/h:intel:core_2_duo:e8600
cpe:/h:intel:core_2_duo:l7200
cpe:/h:intel:core_2_duo:l7300
cpe:/h:intel:core_2_duo:l7400
cpe:/h:intel:core_2_duo:l7500
cpe:/h:intel:core_2_duo:l7700
cpe:/h:intel:core_2_duo:p7350
cpe:/h:intel:core_2_duo:p7370
cpe:/h:intel:core_2_duo:p7450
cpe:/h:intel:core_2_duo:p7550
cpe:/h:intel:core_2_duo:p7570
cpe:/h:intel:core_2_duo:p8400
cpe:/h:intel:core_2_duo:p8600
cpe:/h:intel:core_2_duo:p8700
cpe:/h:intel:core_2_duo:p8800
cpe:/h:intel:core_2_duo:p9500
cpe:/h:intel:core_2_duo:p9600
cpe:/h:intel:core_2_duo:p9700
cpe:/h:intel:core_2_duo:sl9300
cpe:/h:intel:core_2_duo:sl9380
cpe:/h:intel:core_2_duo:sl9400
cpe:/h:intel:core_2_duo:sl9600
cpe:/h:intel:core_2_duo:sp9300
cpe:/h:intel:core_2_duo:sp9400
cpe:/h:intel:core_2_duo:sp9600
cpe:/h:intel:core_2_duo:su9300
cpe:/h:intel:core_2_duo:su9400
cpe:/h:intel:core_2_duo:su9600
cpe:/h:intel:core_2_duo:t5200
cpe:/h:intel:core_2_duo:t5250
cpe:/h:intel:core_2_duo:t5270
cpe:/h:intel:core_2_duo:t5300
cpe:/h:intel:core_2_duo:t5450
cpe:/h:intel:core_2_duo:t5470
cpe:/h:intel:core_2_duo:t5500
cpe:/h:intel:core_2_duo:t5550
cpe:/h:intel:core_2_duo:t5600
cpe:/h:intel:core_2_duo:t5670
cpe:/h:intel:core_2_duo:t5750
cpe:/h:intel:core_2_duo:t5800
cpe:/h:intel:core_2_duo:t5870
cpe:/h:intel:core_2_duo:t6400
cpe:/h:intel:core_2_duo:t6500
cpe:/h:intel:core_2_duo:t6600
cpe:/h:intel:core_2_duo:t6670
cpe:/h:intel:core_2_duo:t7100
cpe:/h:intel:core_2_duo:t7200
cpe:/h:intel:core_2_duo:t7250
cpe:/h:intel:core_2_duo:t7300
cpe:/h:intel:core_2_duo:t7400
cpe:/h:intel:core_2_duo:t7500
cpe:/h:intel:core_2_duo:t7600
cpe:/h:intel:core_2_duo:t7700
cpe:/h:intel:core_2_duo:t7800
cpe:/h:intel:core_2_duo:t8100
cpe:/h:intel:core_2_duo:t8300
cpe:/h:intel:core_2_duo:t9300
cpe:/h:intel:core_2_duo:t9400
cpe:/h:intel:core_2_duo:t9500
cpe:/h:intel:core_2_duo:t9550
cpe:/h:intel:core_2_duo:t9600
cpe:/h:intel:core_2_duo:t9800
cpe:/h:intel:core_2_duo:t9900
cpe:/h:intel:core_2_duo:u7500
cpe:/h:intel:core_2_duo:u7600
cpe:/h:intel:core_2_duo:u7700
Configuration 2
AND
OR
cpe:/o:intel:active_management_technology_firmware:3.0
Configuration 3
Configuration 4
Configuration 5
Configuration 6
Configuration 7
Configuration 8
Configuration 9
Configuration 10
Showing 100 of 862 CPEs, view all CPEs here.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2018-3628
NVD Published Date:
07/10/2018
NVD Last Modified:
09/12/2018