Lenovo Security Advisory: LEN-21031
**Potential Impact:**Elevation of Privilege
Severity: High
Scope of Impact: Industry-wide
CVE Identifier: CVE-2018-3628, CVE-2018-3629, CVE-2018-3632
Summary Description:
Intel performed a security review of their Intel® Management Engine (ME) firmware, and identified arbitrary code execution, denial of service, and memory corruption vulnerabilities affecting Intel® Active Management Technology 3.x/4.x/5.x/6.x/7.x/8.x/9.x/10.x/11.x. Lenovo will release updates for versions 9.x/10.x/11.x. Intel is no longer supporting version 8.x and earlier, so these versions will not have updates.
This advisory applies only to AMT. The Server Platform Services (SPS) and Trusted Execution Environment (TXE) ME variants are not affected.
Mitigation Strategy for Customers (what you should do to protect yourself):
Intel recommends updating to the ME firmware version (or newer) indicated for your model in the Product Impact section below.
Product Impact: