CVE-2018-3616

CVE Database · CVE-2018-3616

CVE-2018-3616

· MEDIUMModified

CVSS v3.1

5.9

EPSS

2.39%

Published

Sep 12, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products (25)

intel · converged_security_management_engine_firmware (up to 12.0.5)vulnerable

intel · active_management_technology_firmware (up to 12.0.5)vulnerable

intel · manageability_engine_firmware (up to 11.0)vulnerable

siemens · simatic_field_pg_m5_firmware (up to 22.01.06)vulnerable

siemens · simatic_field_pg_m5

siemens · simatic_ipc427e_firmware (up to 21.01.09)vulnerable

siemens · simatic_ipc427e

siemens · simatic_ipc477e_firmware (up to 21.01.09)vulnerable

siemens · simatic_ipc477e

References (12)

http://www.securityfocus.com/bid/106996

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf

PatchThird Party Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05

Third Party AdvisoryUS Government Resource

https://security.netapp.com/advisory/ntap-20180924-0003/

Third Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us

Third Party Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html

KEV Catalog EPSS Scores Vendors All CVEs