Sign-up

ID

VAR-200809-0335


CVE

CVE-2008-3900


TITLE

Intel Vulnerabilities that can capture important information in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2008-004812

DESCRIPTION

Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. Bios is prone to a information disclosure vulnerability. Intel firmware PE94510M is intel's bios update applet. information

Trust: 1.98

sources: NVD: CVE-2008-3900 // JVNDB: JVNDB-2008-004812 // BID: 84872 // VULHUB: VHN-34025

AFFECTED PRODUCTS

vendor:intelmodel:biosscope:eqversion:pe94510m.86a.0050.2007.0710.1559

Trust: 2.4

vendor:intelmodel:bios pe94510m.86a.0050.20scope: - version: -

Trust: 0.3

sources: BID: 84872 // JVNDB: JVNDB-2008-004812 // CNNVD: CNNVD-200809-044 // NVD: CVE-2008-3900

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3900
value: LOW

Trust: 1.0

NVD: CVE-2008-3900
value: LOW

Trust: 0.8

CNNVD: CNNVD-200809-044
value: LOW

Trust: 0.6

VULHUB: VHN-34025
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2008-3900
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-34025
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-34025 // JVNDB: JVNDB-2008-004812 // CNNVD: CNNVD-200809-044 // NVD: CVE-2008-3900

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-34025 // JVNDB: JVNDB-2008-004812 // NVD: CVE-2008-3900

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200809-044

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200809-044

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-004812

PATCH
title:Top pageurl:http://www.intel.co.jp/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-004812

EXTERNAL IDS
db:NVDid:CVE-2008-3900
Trust: 2.8
db:SREASONid:4205
Trust: 2.0
db:SECTRACKid:1020738
Trust: 2.0
db:CERT/CCid:VU#604539
Trust: 1.1
db:JVNDBid:JVNDB-2008-004812
Trust: 0.8
db:BUGTRAQid:20080825 [IVIZ-08-004] INTEL BIOS PLAIN TEXT PASSWORD DISCLOSURE
Trust: 0.6
db:CNNVDid:CNNVD-200809-044
Trust: 0.6
db:BIDid:84872
Trust: 0.4
db:VULHUBid:VHN-34025
Trust: 0.1
sources:
            
            
            VULHUB: VHN-34025 // 
            
            
            
            BID: 84872 // 
            
            
            
            JVNDB: JVNDB-2008-004812 // 
            
            
            
            CNNVD: CNNVD-200809-044 // 
            
            
            
            NVD: CVE-2008-3900

REFERENCES
url:http://www.ivizsecurity.com/preboot-patch.html
Trust: 2.0
url:http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
Trust: 2.0
url:http://securitytracker.com/id?1020738
Trust: 2.0
url:http://securityreason.com/securityalert/4205
Trust: 2.0
url:http://www.securityfocus.com/archive/1/495804/100/0/threaded
Trust: 1.1
url:http://www.kb.cert.org/vuls/id/604539
Trust: 1.1
url:http://www.securityfocus.com/archive/1/archive/1/495804/100/0/threaded
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3900
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3900
Trust: 0.8
sources:
            
            
            VULHUB: VHN-34025 // 
            
            
            
            BID: 84872 // 
            
            
            
            JVNDB: JVNDB-2008-004812 // 
            
            
            
            CNNVD: CNNVD-200809-044 // 
            
            
            
            NVD: CVE-2008-3900

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 84872

SOURCES
db:VULHUBid:VHN-34025
db:BIDid:84872
db:JVNDBid:JVNDB-2008-004812
db:CNNVDid:CNNVD-200809-044
db:NVDid:CVE-2008-3900

LAST UPDATE DATE
2024-11-23T21:48:23.870000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-34025date:2018-10-11T00:00:00
db:BIDid:84872date:2008-09-03T00:00:00
db:JVNDBid:JVNDB-2008-004812date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200809-044date:2009-01-29T00:00:00
db:NVDid:CVE-2008-3900date:2024-11-21T00:50:23.400

SOURCES RELEASE DATE
db:VULHUBid:VHN-34025date:2008-09-03T00:00:00
db:BIDid:84872date:2008-09-03T00:00:00
db:JVNDBid:JVNDB-2008-004812date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200809-044date:2008-09-03T00:00:00
db:NVDid:CVE-2008-3900date:2008-09-03T14:12:00