- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Intel Management Engine Components suite seems to be vulnerable to CVE-2024-5535.
Path to the vulnerable component:
C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\libssl-3-x64.dll
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\libssl-3-x64.dll
For SSL to be vulnerable, two conditions must be met:
The OpenSSL version is lesser than 3.0.15
The application is able to call the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer
Please suggest whether Intel released patched versions for the ICLS Client or if this vulnerability has been mitigated.
Thank you!
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Mat9,
Thank you for posting in the community. For reporting this kind of issue, please refer to the article on How to Report Security and Vulnerability Issues Related to Intel® Products.
This will ensure you receive the most specialized assistance for the issue you have identified. The relevant team, knowledgeable and expert in this field, will provide you with appropriate and accurate solutions.
As such, I will be closing this inquiry. If you need further assistance, please submit a new question, as this thread will no longer be monitored.
Best regards,
Dhanniel M.
Intel Customer Support Technician

- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page