Description
Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
References (6)
Core 6
Core References
Patch, Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05
Vendor Advisory x_refsource_confirm
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106996
Third Party Advisory x_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03876en_us
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180924-0003/
Scores
CVSS v3
5.9
EPSS
0.0147
EPSS Percentile
81.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (14)
intel/active_management_technology_firmware
< 12.0.5
intel/converged_security_management_engine_firmware
11.0.0 - 12.0.5
intel/manageability_engine_firmware
9.0.0.0 - 11.0
siemens/simatic_field_pg_m5_firmware
< 22.01.06
siemens/simatic_ipc427e_firmware
< 21.01.09
siemens/simatic_ipc477e_firmware
< 21.01.09
siemens/simatic_ipc547e_firmware
< r1.30.0
siemens/simatic_ipc627d_firmware
< 19.02.11
siemens/simatic_ipc647d_firmware
< 19.01.14
siemens/simatic_ipc677d_firmware
< 19.02.11
... and 4 more
Published
Sep 12, 2018
Tracked Since
Feb 18, 2026