Sign-up

ID

VAR-201809-1043


CVE

CVE-2018-3679


TITLE

Intel Data Center Manager SDK Vulnerabilities in authorization, authority and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-010705

DESCRIPTION

Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges. Intel Data Center Manager SDK Contains vulnerabilities in authorization, authority, and access control.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Intel Data Center Manager SDK is a data center manager SDK (Software Development Kit) of Intel Corporation. This product mainly provides real-time power supply and heat dissipation data of equipment. A remote attacker could exploit this vulnerability to elevate privileges and execute code with administrator privileges

Trust: 1.71

sources: NVD: CVE-2018-3679 // JVNDB: JVNDB-2018-010705 // VULHUB: VHN-133710

AFFECTED PRODUCTS

vendor:intelmodel:data center managerscope:lteversion:5.0

Trust: 1.0

vendor:intelmodel:data center manager sdkscope:lteversion:5.0

Trust: 0.8

vendor:intelmodel:data center managerscope:eqversion:5.0

Trust: 0.6

sources: JVNDB: JVNDB-2018-010705 // CNNVD: CNNVD-201809-601 // NVD: CVE-2018-3679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3679
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-3679
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201809-601
value: CRITICAL

Trust: 0.6

VULHUB: VHN-133710
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-3679
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133710
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3679
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133710 // JVNDB: JVNDB-2018-010705 // CNNVD: CNNVD-201809-601 // NVD: CVE-2018-3679

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-133710 // JVNDB: JVNDB-2018-010705 // NVD: CVE-2018-3679

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-601

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201809-601

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010705

PATCH
title:INTEL-SA-00143url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00143.html
Trust: 0.8
title:Intel Data Center Manager SDK Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84861
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-010705 // 
            
            
            
            CNNVD: CNNVD-201809-601

EXTERNAL IDS
db:NVDid:CVE-2018-3679
Trust: 2.5
db:JVNDBid:JVNDB-2018-010705
Trust: 0.8
db:CNNVDid:CNNVD-201809-601
Trust: 0.7
db:VULHUBid:VHN-133710
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133710 // 
            
            
            
            JVNDB: JVNDB-2018-010705 // 
            
            
            
            CNNVD: CNNVD-201809-601 // 
            
            
            
            NVD: CVE-2018-3679

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00143.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3679
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3679
Trust: 0.8
sources:
            
            
            VULHUB: VHN-133710 // 
            
            
            
            JVNDB: JVNDB-2018-010705 // 
            
            
            
            CNNVD: CNNVD-201809-601 // 
            
            
            
            NVD: CVE-2018-3679

SOURCES
db:VULHUBid:VHN-133710
db:JVNDBid:JVNDB-2018-010705
db:CNNVDid:CNNVD-201809-601
db:NVDid:CVE-2018-3679

LAST UPDATE DATE
2024-11-23T21:52:48.864000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133710date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-010705date:2018-12-20T00:00:00
db:CNNVDid:CNNVD-201809-601date:2019-10-23T00:00:00
db:NVDid:CVE-2018-3679date:2024-11-21T04:05:52.870

SOURCES RELEASE DATE
db:VULHUBid:VHN-133710date:2018-09-12T00:00:00
db:JVNDBid:JVNDB-2018-010705date:2018-12-20T00:00:00
db:CNNVDid:CNNVD-201809-601date:2018-09-13T00:00:00
db:NVDid:CVE-2018-3679date:2018-09-12T19:29:03.433