CVE-2018-3658

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Intel CSME firmware versions prior to 12.0.5

Description The issue is caused by multiple memory leaks in Intel Active Management Technology (AMT) in Intel Converged Security and Manageability Engine (CSME) firmware. This may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access. The vulnerability can be exploited by a remote attacker, leading to a denial of service.

Recommendations For Intel CSME firmware versions prior to 12.0.5, update to version 12.0.5 or later to resolve the issue. As a temporary workaround, consider restricting network access to Intel AMT to minimize the risk of exploitation.

Fix

Missing Release of Resource after Effective Lifetime

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772CWE-404

Related Identifiers

BDU:2018-01152

CVE-2018-3658

Affected Products

Intel Amt

Intel Csme

CVE-2018-3658

Weakness Enumeration

Related Identifiers

Affected Products

References · 13