CVE-2018-3628

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.

Published: Jul 10, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-3628
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
intel / active_management_technology_firmware	3.0	11.22.70.x

http://www.securitytracker.com/id/1041362
https://security.netapp.com/advisory/ntap-20190327-0001/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html

Vulnerability Database

289,697

CVE-2018-3628