CVE-2018-3643
https://notcve.org/view.php?id=CVE-2018-3643
A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code. Una vulnerabilidad en el firmware Power Management Controller en sistemas que emplean un CSME (Intel® Converged Security and Management Engine) específico en versiones anteriores a la 11.8.55, 11.11.55, 11.21.55 y la 12.0.6 o firmware Intel® Server Platform Services en versiones anteriores a la 4.x.04 podría permitir que un atacante con privilegios administrativos descubra ciertos secretos de la plataforma mediante acceso local o que pueda ejecutar código arbitrario. • https://security.netapp.com/advisory/ntap-20180924-0002 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03873en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html •
CVE-2017-5706
https://notcve.org/view.php?id=CVE-2017-5706
Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code. Múltiples desbordamientos de búfer en el kernel en Intel Server Platform Services Firmware 4.0 permiten que un atacante con acceso local al sistema ejecute código arbitrario. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101906 http://www.securitytracker.com/id/1039955 https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr https://security.netapp.com/advisory/ntap-20171120-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03798en_us https://twitter.com/PTsecurity_UK/status& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-5709
https://notcve.org/view.php?id=CVE-2017-5709
Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector. Múltiples escalados de privilegios en el kernel en Intel Server Platform Services Firmware 4.0 permiten que un proceso no autorizado acceda a contenidos privilegiados mediante un vector no especificado. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101906 http://www.securitytracker.com/id/1039955 https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr https://security.netapp.com/advisory/ntap-20171120-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03798en_us https://www.asus.com/News/wzeltG5CjYaIwGJ •