CVE-2018-3616 | Vulnerability Database | Aqua Security

Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.

Affected Software

Name	Vendor	Start Version	End Version
Converged_security_management_engine_firmware	Intel	11.0.0 (including)	12.0.5 (excluding)
Active_management_technology_firmware	Intel	*	12.0.5 (excluding)
Manageability_engine_firmware	Intel	9.0.0.0 (including)	11.0 (excluding)

References

http://www.securityfocus.com/bid/106996
https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05
https://security.netapp.com/advisory/ntap-20180924-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03876en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html
http://www.securityfocus.com/bid/106996
https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05
https://security.netapp.com/advisory/ntap-20180924-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03876en_us
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-3616
CWE	https://cwe.mitre.org/data/definitions/.html