Sign-up

ID

VAR-201806-1506


CVE

CVE-2018-3691


TITLE

Intel Integrated Performance Primitives Cryptography Library Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006000

DESCRIPTION

Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. An attacker could exploit this vulnerability to disclose information

Trust: 1.71

sources: NVD: CVE-2018-3691 // JVNDB: JVNDB-2018-006000 // VULHUB: VHN-133722

AFFECTED PRODUCTS

vendor:intelmodel:integrated performance primitives cryptographyscope:ltversion:2018_u3.1

Trust: 1.0

vendor:intelmodel:integrated performance primitivesscope:ltversion:2018 u3.1

Trust: 0.8

sources: JVNDB: JVNDB-2018-006000 // NVD: CVE-2018-3691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3691
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3691
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201806-291
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133722
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-3691
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133722
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3691
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133722 // JVNDB: JVNDB-2018-006000 // CNNVD: CNNVD-201806-291 // NVD: CVE-2018-3691

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-310

Trust: 0.9

sources: VULHUB: VHN-133722 // JVNDB: JVNDB-2018-006000 // NVD: CVE-2018-3691

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201806-291

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201806-291

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006000

PATCH
title:intel-sa-00106url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00106.html
Trust: 0.8
title:Intel Integrated Performance Primitives Cryptography Library Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80653
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-006000 // 
            
            
            
            CNNVD: CNNVD-201806-291

EXTERNAL IDS
db:NVDid:CVE-2018-3691
Trust: 2.5
db:JVNDBid:JVNDB-2018-006000
Trust: 0.8
db:CNNVDid:CNNVD-201806-291
Trust: 0.7
db:VULHUBid:VHN-133722
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133722 // 
            
            
            
            JVNDB: JVNDB-2018-006000 // 
            
            
            
            CNNVD: CNNVD-201806-291 // 
            
            
            
            NVD: CVE-2018-3691

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00106.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3691
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3691
Trust: 0.8
sources:
            
            
            VULHUB: VHN-133722 // 
            
            
            
            JVNDB: JVNDB-2018-006000 // 
            
            
            
            CNNVD: CNNVD-201806-291 // 
            
            
            
            NVD: CVE-2018-3691

SOURCES
db:VULHUBid:VHN-133722
db:JVNDBid:JVNDB-2018-006000
db:CNNVDid:CNNVD-201806-291
db:NVDid:CVE-2018-3691

LAST UPDATE DATE
2024-11-23T22:38:07.564000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133722date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-006000date:2018-08-03T00:00:00
db:CNNVDid:CNNVD-201806-291date:2019-10-23T00:00:00
db:NVDid:CVE-2018-3691date:2024-11-21T04:05:53.853

SOURCES RELEASE DATE
db:VULHUBid:VHN-133722date:2018-06-05T00:00:00
db:JVNDBid:JVNDB-2018-006000date:2018-08-03T00:00:00
db:CNNVDid:CNNVD-201806-291date:2018-06-06T00:00:00
db:NVDid:CVE-2018-3691date:2018-06-05T21:29:00.993