Main Vulnerability Database Vulnerabilities #VU14128

Buffer overflow in Active Management Technology SDK - CVE-2018-3628

Published: July 24, 2018 / Updated: July 31, 2018

Vulnerability identifier: #VU14128

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-3628

CWE-ID: CWE-120

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Intel

Affected software:
Active Management Technology SDK

Detailed vulnerability description

The vulnerability allows a remote attacker on the local network to gain elevated privileges on the target system.

The vulnerability exists due to buffer overflow in the HTTP handler when handling malicious input. A remote attacker can send specially crafted data, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-3628

Install update from vendor's website.

Sources

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html

Buffer overflow in Active Management Technology SDK - CVE-2018-3628

Detailed vulnerability description

How to mitigate CVE-2018-3628

Sources

Please verify you're human