CVE-2018-1027

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2018-1027 is a vulnerability that was discovered in the Intel Active Management Technology (AMT) firmware. This vulnerability allows an attacker with physical access to a computer to bypass the BIOS password and gain remote access to the computer's management features, allowing them to execute arbitrary code, steal data, or modify the system's configuration. The vulnerability affects all versions of the AMT firmware prior to version 11.8.60. The vulnerability was discovered by security researchers at F-Secure in January 2018 and reported to Intel. Intel released a security advisory in March 2018, acknowledging the vulnerability and providing instructions for users to mitigate the risk. The advisory recommended disabling AMT if it was not needed or updating to the latest version of the firmware. Exploits for CVE-2018-1027 were developed and released by various security researchers soon after the vulnerability was disclosed. In May 2018, the Metasploit Framework included an exploit module for the vulnerability, making it easier for attackers to exploit the vulnerability. As a result, the vulnerability became a popular target for attackers, and many organizations were affected. It is important for organizations to stay up-to-date with firmware updates and implement proper security controls to prevent unauthorized physical access to their systems.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2018-1027 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Close Quarters Encounters with Third Generation Malware Compels UK and Danish Municipalities to Remodel Vulnerability Management Safeguards