6 results (0.047 seconds)

CVSS: 7.2EPSS: 0%CPEs: 25EXPL: 0

Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. Múltiples desbordamientos de búfer en Intel AMT en el firmware Intel CSME en versiones anteriores a la 12.0.5 podrían permitir que un usuario privilegiado ejecute código arbitrario con privilegios de ejecución AMT mediante acceso local. • http://www.securityfocus.com/bid/106996 https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05 https://security.netapp.com/advisory/ntap-20180924-0003 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.9EPSS: 0%CPEs: 25EXPL: 0

Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network. Vulnerabilidad de canal lateral estilo Bleichenbacher en la implementación TLS en Intel Active Management Technology en versiones anteriores a la 12.0.5 podría permitir que un usuario sin autenticar obtenga la clave de sesión TLS por red. • http://www.securityfocus.com/bid/106996 https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05 https://security.netapp.com/advisory/ntap-20180924-0003 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html •

CVSS: 5.3EPSS: 0%CPEs: 25EXPL: 0

Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access. Múltiples desbordamientos de búfer en Intel AMT en el firmware Intel CSME en versiones anteriores a la 12.0.5 podrían permitir que un usuario no autenticado con Intel AMT provisionado provoque una denegación de servicio (DoS) parcial mediante acceso de red. • http://www.securityfocus.com/bid/106996 https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05 https://security.netapp.com/advisory/ntap-20180924-0003 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 5.6EPSS: 0%CPEs: 665EXPL: 5

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podrían permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Speculative Store Bypass (SSB), Variant 4. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://www.exploit-db.com/exploits/44695 https://github.com/mmxsrup/CVE-2018-3639 https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4- https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-2213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •

CVSS: 9.0EPSS: 1%CPEs: 402EXPL: 0

Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege. Desbordamiento de búfer en el kernel en Active Management Technology (AMT) en Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 permite que un atacante con acceso local al sistema ejecute código arbitrario con el privilegio de ejecución AMT. • http://www.securityfocus.com/bid/101920 http://www.securitytracker.com/id/1039852 https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr https://security.netapp.com/advisory/ntap-20171120-0001 https://www.asus.com/News/wzeltG5CjYaIwGJ0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •