PT-2018-1597 · Intel · Intel Active Management Technology+2
Published
2018-09-12
·
Updated
2023-08-17
·
CVE-2018-3616
CVSS v2.0
7.1
High
| Vector | AV:N/AC:H/Au:N/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Intel Active Management Technology versions prior to 12.0.5
Description
A Bleichenbacher-style side channel vulnerability exists in the TLS implementation of Intel Active Management Technology. This issue may allow an unauthenticated user to potentially obtain the TLS session key via the network. The vulnerability is caused by a failure to adhere to TLS security standards in the Intel Converged Security and Manageability Engine and Intel Management Engine firmware.
Recommendations
For versions prior to 12.0.5, update to version 12.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the TLS implementation until a patch is available.
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intel Active Management Technology
Intel Converged Security/Manageability Engine
Intel Management Engine