ID
VAR-201807-1640
CVE
CVE-2018-3682
TITLE
BMC Firmware vulnerabilities related to authorization, authority, and access control
Trust: 0.8
DESCRIPTION
BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS. BMC Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel ServerBoard, ComputeModule, and ServerSystem are products of Intel Corporation of the United States. IntelServerBoard is a server motherboard. ComputeModule is a computing module. ServerSystem is a server array card. A security vulnerability exists in the BMC firmware in IntelServerBoard, IntelComputeModule, and IntelServerSystem. An attacker could exploit this vulnerability to perform write and read operations on SMBUS
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | intel | model: | bmc | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | intel | model: | bmc | scope: | - | version: | - | Trust: 0.8 |
| vendor: | intel | model: | intel\302\256 server board | scope: | - | version: | - | Trust: 0.6 |
| vendor: | intel | model: | intel\302\256 compute module | scope: | - | version: | - | Trust: 0.6 |
| vendor: | intel | model: | intel\302\256 server system | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-269 | Trust: 1.1 |
| problemtype: | CWE-264 | Trust: 0.9 |
THREAT TYPE
local
Trust: 0.6
TYPE
permissions and access control issues
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | INTEL-SA-00130 | url: | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00130.html | Trust: 0.8 |
| title: | Patch for IntelServerBoard, ComputeModule, and ServerSystem denial of service vulnerabilities | url: | https://www.cnvd.org.cn/patchInfo/show/137777 | Trust: 0.6 |
| title: | Intel Server Board , Compute Module and Server System Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81952 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-3682 | Trust: 3.1 |
| db: | JVNDB | id: | JVNDB-2018-008010 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201807-889 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2018-15554 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-133713 | Trust: 0.1 |
REFERENCES
| url: | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00130.html | Trust: 2.3 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3682 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-3682 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2018-15554 |
| db: | VULHUB | id: | VHN-133713 |
| db: | JVNDB | id: | JVNDB-2018-008010 |
| db: | CNNVD | id: | CNNVD-201807-889 |
| db: | NVD | id: | CVE-2018-3682 |
LAST UPDATE DATE
2024-11-23T22:22:01.949000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2018-15554 | date: | 2018-08-17T00:00:00 |
| db: | VULHUB | id: | VHN-133713 | date: | 2019-10-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-008010 | date: | 2018-10-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201807-889 | date: | 2019-10-23T00:00:00 |
| db: | NVD | id: | CVE-2018-3682 | date: | 2024-11-21T04:05:53.010 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2018-15554 | date: | 2018-08-17T00:00:00 |
| db: | VULHUB | id: | VHN-133713 | date: | 2018-07-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-008010 | date: | 2018-10-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201807-889 | date: | 2018-07-10T00:00:00 |
| db: | NVD | id: | CVE-2018-3682 | date: | 2018-07-10T21:29:01.107 |