Vulnerability Details CVE-2018-3657
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.3%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 7.2
References
- http://www.securityfocus.com/bid/106996
- https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05
- https://security.netapp.com/advisory/ntap-20180924-0003/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html
- http://www.securityfocus.com/bid/106996
- https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05
- https://security.netapp.com/advisory/ntap-20180924-0003/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html
Products affected by CVE-2018-3657
-
cpe:2.3:a:intel:converged_security_management_engine_firmware:11.10
-
cpe:2.3:a:intel:converged_security_management_engine_firmware:11.11.65
-
cpe:2.3:a:intel:converged_security_management_engine_firmware:11.20
-
cpe:2.3:a:intel:converged_security_management_engine_firmware:11.22.65
-
cpe:2.3:a:intel:converged_security_management_engine_firmware:11.8.65
-
cpe:2.3:a:intel:converged_security_management_engine_firmware:12.0
-
cpe:2.3:h:siemens:simatic_field_pg_m5:-
-
cpe:2.3:h:siemens:simatic_ipc427e:-
-
cpe:2.3:h:siemens:simatic_ipc477e:-
-
cpe:2.3:h:siemens:simatic_ipc547g:-
-
cpe:2.3:h:siemens:simatic_ipc627d:-
-
cpe:2.3:h:siemens:simatic_ipc647d:-
-
cpe:2.3:h:siemens:simatic_ipc677d:-
-
cpe:2.3:h:siemens:simatic_ipc827d:-
-
cpe:2.3:h:siemens:simatic_ipc847d:-
-
cpe:2.3:h:siemens:simatic_itp1000:-
-
cpe:2.3:h:siemens:simatic_pc547e:-
-
cpe:2.3:o:intel:active_management_technology_firmware:-
-
cpe:2.3:o:intel:active_management_technology_firmware:1.0
-
cpe:2.3:o:intel:active_management_technology_firmware:10.0
-
cpe:2.3:o:intel:active_management_technology_firmware:11.0
-
cpe:2.3:o:intel:active_management_technology_firmware:11.0.25.3001
-
cpe:2.3:o:intel:active_management_technology_firmware:11.0.26.3000
-
cpe:2.3:o:intel:active_management_technology_firmware:11.10
-
cpe:2.3:o:intel:active_management_technology_firmware:11.11.60
-
cpe:2.3:o:intel:active_management_technology_firmware:11.11.65
-
cpe:2.3:o:intel:active_management_technology_firmware:11.11.70
-
cpe:2.3:o:intel:active_management_technology_firmware:11.11.76
-
cpe:2.3:o:intel:active_management_technology_firmware:11.11.77
-
cpe:2.3:o:intel:active_management_technology_firmware:11.12
-
cpe:2.3:o:intel:active_management_technology_firmware:11.12.0
-
cpe:2.3:o:intel:active_management_technology_firmware:11.12.77
-
cpe:2.3:o:intel:active_management_technology_firmware:11.12.79
-
cpe:2.3:o:intel:active_management_technology_firmware:11.12.80
-
cpe:2.3:o:intel:active_management_technology_firmware:11.12.93
-
cpe:2.3:o:intel:active_management_technology_firmware:11.2
-
cpe:2.3:o:intel:active_management_technology_firmware:11.20
-
cpe:2.3:o:intel:active_management_technology_firmware:11.22
-
cpe:2.3:o:intel:active_management_technology_firmware:11.22.0
-
cpe:2.3:o:intel:active_management_technology_firmware:11.22.60
-
cpe:2.3:o:intel:active_management_technology_firmware:11.22.65
-
cpe:2.3:o:intel:active_management_technology_firmware:11.22.70
-
cpe:2.3:o:intel:active_management_technology_firmware:11.22.76
-
cpe:2.3:o:intel:active_management_technology_firmware:11.22.77
-
cpe:2.3:o:intel:active_management_technology_firmware:11.22.79
-
cpe:2.3:o:intel:active_management_technology_firmware:11.22.80
-
cpe:2.3:o:intel:active_management_technology_firmware:11.22.93
-
cpe:2.3:o:intel:active_management_technology_firmware:11.5
-
cpe:2.3:o:intel:active_management_technology_firmware:11.6
-
cpe:2.3:o:intel:active_management_technology_firmware:11.7
-
cpe:2.3:o:intel:active_management_technology_firmware:11.8
-
cpe:2.3:o:intel:active_management_technology_firmware:11.8.50.3420
-
cpe:2.3:o:intel:active_management_technology_firmware:11.8.60
-
cpe:2.3:o:intel:active_management_technology_firmware:11.8.65
-
cpe:2.3:o:intel:active_management_technology_firmware:11.8.70
-
cpe:2.3:o:intel:active_management_technology_firmware:11.8.76
-
cpe:2.3:o:intel:active_management_technology_firmware:11.8.77
-
cpe:2.3:o:intel:active_management_technology_firmware:11.8.79
-
cpe:2.3:o:intel:active_management_technology_firmware:11.8.80
-
cpe:2.3:o:intel:active_management_technology_firmware:11.8.93
-
cpe:2.3:o:intel:active_management_technology_firmware:12.0
-
cpe:2.3:o:intel:active_management_technology_firmware:12.0.0
-
cpe:2.3:o:intel:active_management_technology_firmware:2.0
-
cpe:2.3:o:intel:active_management_technology_firmware:2.1
-
cpe:2.3:o:intel:active_management_technology_firmware:2.2
-
cpe:2.3:o:intel:active_management_technology_firmware:2.5
-
cpe:2.3:o:intel:active_management_technology_firmware:2.6
-
cpe:2.3:o:intel:active_management_technology_firmware:3.0
-
cpe:2.3:o:intel:active_management_technology_firmware:3.1
-
cpe:2.3:o:intel:active_management_technology_firmware:3.2
-
cpe:2.3:o:intel:active_management_technology_firmware:4.0
-
cpe:2.3:o:intel:active_management_technology_firmware:4.1
-
cpe:2.3:o:intel:active_management_technology_firmware:5.0
-
cpe:2.3:o:intel:active_management_technology_firmware:6.0
-
cpe:2.3:o:intel:active_management_technology_firmware:6.1
-
cpe:2.3:o:intel:active_management_technology_firmware:6.2
-
cpe:2.3:o:intel:active_management_technology_firmware:7.0
-
cpe:2.3:o:intel:active_management_technology_firmware:7.1
-
cpe:2.3:o:intel:active_management_technology_firmware:8.0
-
cpe:2.3:o:intel:active_management_technology_firmware:8.1
-
cpe:2.3:o:intel:active_management_technology_firmware:9.0
-
cpe:2.3:o:intel:active_management_technology_firmware:9.1
-
cpe:2.3:o:intel:active_management_technology_firmware:9.5
-
cpe:2.3:o:intel:manageability_engine_firmware:10.0.0.0
-
cpe:2.3:o:intel:manageability_engine_firmware:10.0.55.3000
-
cpe:2.3:o:intel:manageability_engine_firmware:9.0.0.0
-
cpe:2.3:o:intel:manageability_engine_firmware:9.1.41.3024
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:-
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:22.01.01
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:22.01.02
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:22.01.03
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:22.01.04
-
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:22.01.05
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.03
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.05
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.06
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.07
-
cpe:2.3:o:siemens:simatic_ipc427e_firmware:21.01.08
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:-
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.03
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.05
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.06
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.07
-
cpe:2.3:o:siemens:simatic_ipc477e_firmware:21.01.08
-
cpe:2.3:o:siemens:simatic_ipc547e_firmware:*
-
cpe:2.3:o:siemens:simatic_ipc627d_firmware:19.02.06
-
cpe:2.3:o:siemens:simatic_ipc627d_firmware:19.02.09
-
cpe:2.3:o:siemens:simatic_ipc647d_firmware:19.01.07
-
cpe:2.3:o:siemens:simatic_ipc647d_firmware:19.01.10
-
cpe:2.3:o:siemens:simatic_ipc677d_firmware:19.02.06
-
cpe:2.3:o:siemens:simatic_ipc677d_firmware:19.02.09
-
cpe:2.3:o:siemens:simatic_ipc827d_firmware:19.02.06
-
cpe:2.3:o:siemens:simatic_ipc827d_firmware:19.02.09
-
cpe:2.3:o:siemens:simatic_ipc847d_firmware:19.01.07
-
cpe:2.3:o:siemens:simatic_ipc847d_firmware:19.01.10
-
cpe:2.3:o:siemens:simatic_itp1000_firmware:-
-
cpe:2.3:o:siemens:simatic_pc547g_firmware:r1.14.0
-
cpe:2.3:o:siemens:simatic_pc547g_firmware:r1.20.0
-
cpe:2.3:o:siemens:simatic_pc547g_firmware:r1.21.0