Processors
Intel® Processors, Tools, and Utilities
16114 Discussions

Intel Management Engine Components - ICLS CVE-2024-5535

Mat9
Beginner
204 Views

The Intel Management Engine Components suite seems to be vulnerable to CVE-2024-5535.

 

Path to the vulnerable component:

C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\libssl-3-x64.dll

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\libssl-3-x64.dll

 

For SSL to be vulnerable, two conditions must be met:

The OpenSSL version is lesser than 3.0.15
The application is able to call the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer


Please suggest whether Intel released patched versions for the ICLS Client or if this vulnerability has been mitigated.

 

Thank you!

 

0 Kudos
1 Reply
DhannielM_Intel
Moderator
146 Views

Hello Mat9,


Thank you for posting in the community. For reporting this kind of issue, please refer to the article on How to Report Security and Vulnerability Issues Related to Intel® Products.


This will ensure you receive the most specialized assistance for the issue you have identified. The relevant team, knowledgeable and expert in this field, will provide you with appropriate and accurate solutions.


As such, I will be closing this inquiry. If you need further assistance, please submit a new question, as this thread will no longer be monitored.


Best regards,


Dhanniel M.

Intel Customer Support Technician


0 Kudos
Reply