SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2018-3628

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 8.8		CVSS Score : 8.3
Exploit Score: 2.8		Exploit Score: 6.5
Impact Score: 5.9		Impact Score: 10.0

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: ADJACENT_NETWORK		Access Vector: ADJACENT_NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: COMPLETE
Scope: UNCHANGED		Integrity: COMPLETE
Confidentiality: HIGH		Availability: COMPLETE
Integrity: HIGH
Availability: HIGH

Reference:

SECTRACK-1041362

https://security.netapp.com/advisory/ntap-20190327-0001/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html


30479



423868



249461



909



195508



282