PT-2018-1596 · Intel · Intel Csme+1
Published
2018-09-12
·
Updated
2023-08-17
·
CVE-2018-3657
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Intel CSME firmware versions prior to 12.0.5
Description
The issue is caused by multiple buffer overflows in Intel AMT in Intel CSME firmware, which may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. This can occur due to a buffer overflow in memory, allowing an attacker to potentially execute arbitrary code.
Recommendations
For Intel CSME firmware versions prior to 12.0.5, update to version 12.0.5 or later to resolve the issue. As a temporary workaround, consider restricting local access to the system to minimize the risk of exploitation.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intel Amt
Intel Csme