Details of VAR-201805-0968

ID

VAR-201805-0968

CVE

CVE-2018-3612

TITLE

Intel NUC kit Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005088

DESCRIPTION

Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM). Multiple Intel Products are prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. Intel MKKBLY35.86A is a firmware used in Intel NUC products by Intel Corporation of the United States. An input validation error vulnerability exists in several Intel products due to the program's inadequate implementation of input validation. The following products and versions are affected: Intel MKKBLY35.86A; MKKBLi5v.86A; GKAPLCPX.86A; DNKBLi7v.86A; DNKBLi5v.86A; DNKBLi30.86A; 86A; MYBDWi5v.86A; MYBDWi30.86A; TYBYT10H.86A; FYBYT10H.86A; CCSKLm5v.86A;

Trust: 1.98

sources: NVD: CVE-2018-3612 // JVNDB: JVNDB-2018-005088 // BID: 104245 // VULHUB: VHN-133643

AFFECTED PRODUCTS

vendor:	intel	model:	tybyt10h.86a	scope:	eq	version:	-	Trust: 1.6
vendor:	intel	model:	mkkbli5v.86a	scope:	eq	version:	-	Trust: 1.6
vendor:	intel	model:	mybdwi5v.86a	scope:	eq	version:	-	Trust: 1.6
vendor:	intel	model:	kyskli70.86a	scope:	eq	version:	-	Trust: 1.6
vendor:	intel	model:	gkaplcpx.86a	scope:	eq	version:	-	Trust: 1.6
vendor:	intel	model:	mkkbly35.86a	scope:	eq	version:	-	Trust: 1.6
vendor:	intel	model:	dnkbli7v.86a	scope:	eq	version:	-	Trust: 1.6
vendor:	intel	model:	syskli35.86a	scope:	eq	version:	-	Trust: 1.6
vendor:	intel	model:	mybdwi30.86a	scope:	eq	version:	-	Trust: 1.6
vendor:	intel	model:	rybdwi35.86a	scope:	eq	version:	-	Trust: 1.6
vendor:	intel	model:	bios	scope:	eq	version:	kyskli70.86a	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	mybdwi5v.86a	Trust: 1.0
vendor:	intel	model:	ayaplcel.86a	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	bnkbl357.86a	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	ayaplcel.86a	Trust: 1.0
vendor:	intel	model:	dnkbli5v.86a	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	mybdwi30.86a	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	dnkbli7v.86a	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	fybyt10h.86a	Trust: 1.0
vendor:	intel	model:	ccsklm5v.86a	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	tybyt10h.86a	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	dnkbli5v.86a	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	syskli35.86a	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	ccsklm5v.86a	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	mkkbly35.86a	Trust: 1.0
vendor:	intel	model:	fybyt10h.86a	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	ccsklm30.86a	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	mkkbli5v.86a	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	rybdwi35.86a	Trust: 1.0
vendor:	intel	model:	dnkbli30.86a	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	gkaplcpx.86a	Trust: 1.0
vendor:	intel	model:	bios	scope:	eq	version:	dnkbli30.86a	Trust: 1.0
vendor:	intel	model:	bnkbl357.86a	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	ccsklm30.86a	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	nuc bios	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	kaby lake y i5 vpro	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	kaby lake y i3	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	kaby lake u i5 vpro	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	kaby lake r i7	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	apollo lake	scope:	eq	version:	0	Trust: 0.3

sources: BID: 104245 // JVNDB: JVNDB-2018-005088 // CNNVD: CNNVD-201805-328 // NVD: CVE-2018-3612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-3612
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-3612
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201805-328
value:	HIGH
Trust: 0.6
VULHUB:	VHN-133643
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-3612
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-133643
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-3612
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-133643 // JVNDB: JVNDB-2018-005088 // CNNVD: CNNVD-201805-328 // NVD: CVE-2018-3612

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-133643 // JVNDB: JVNDB-2018-005088 // NVD: CVE-2018-3612

THREAT TYPE

local

Trust: 0.9

sources: BID: 104245 // CNNVD: CNNVD-201805-328

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201805-328

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005088

PATCH

title:	INTEL-SA-00110	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.html	Trust: 0.8
title:	Intel NUC kits Fixes for system firmware security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79999	Trust: 0.6

sources: JVNDB: JVNDB-2018-005088 // CNNVD: CNNVD-201805-328

EXTERNAL IDS

db:	NVD	id:	CVE-2018-3612	Trust: 2.8
db:	JVNDB	id:	JVNDB-2018-005088	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-328	Trust: 0.7
db:	BID	id:	104245	Trust: 0.4
db:	VULHUB	id:	VHN-133643	Trust: 0.1

sources: VULHUB: VHN-133643 // BID: 104245 // JVNDB: JVNDB-2018-005088 // CNNVD: CNNVD-201805-328 // NVD: CVE-2018-3612

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.html	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3612	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3612	Trust: 0.8
url:	http://www.intel.com/	Trust: 0.3

sources: VULHUB: VHN-133643 // BID: 104245 // JVNDB: JVNDB-2018-005088 // CNNVD: CNNVD-201805-328 // NVD: CVE-2018-3612

CREDITS

Embedi

Trust: 0.3

sources: BID: 104245

SOURCES

db:	VULHUB	id:	VHN-133643
db:	BID	id:	104245
db:	JVNDB	id:	JVNDB-2018-005088
db:	CNNVD	id:	CNNVD-201805-328
db:	NVD	id:	CVE-2018-3612

LAST UPDATE DATE

2024-11-23T22:26:23.176000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-133643	date:	2018-06-18T00:00:00
db:	BID	id:	104245	date:	2018-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-005088	date:	2018-07-05T00:00:00
db:	CNNVD	id:	CNNVD-201805-328	date:	2020-07-23T00:00:00
db:	NVD	id:	CVE-2018-3612	date:	2024-11-21T04:05:46.240

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-133643	date:	2018-05-10T00:00:00
db:	BID	id:	104245	date:	2018-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-005088	date:	2018-07-05T00:00:00
db:	CNNVD	id:	CNNVD-201805-328	date:	2018-05-11T00:00:00
db:	NVD	id:	CVE-2018-3612	date:	2018-05-10T22:29:00.307