关键漏洞信息 表格信息 漏洞详情 CVEID: CVE-2018-3657 - 描述: Multiple buffer overflows in Intel® AMT in Intel® CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel® AMT execution privilege via local access. - CVSS Base Score: 6.7 Medium - CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVEID: CVE-2018-3658 - 描述: Multiple memory leaks in Intel® AMT in Intel® CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel® AMT provisioned to potentially cause a partial denial of service via network access. - CVSS Base Score: 5.3 Medium - CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVEID: CVE-2018-3616 - 描述: Bleichenbacher-style side channel vulnerability in TLS implementation in Intel® Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network. - CVSS Base Score: 7.4 High - CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 影响的产品 *resolves CVE-2018-3616 only. 建议 Intel recommends that users of Intel® CSME update to the latest version provided by the system manufacturer that addresses these issues.