Sign-up

ID

VAR-201809-1073


CVE

CVE-2018-3655


TITLE

plural Intel Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-008423

DESCRIPTION

A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access. Multiple Intel Products are prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to potentially modify or disclose sensitive information. This may lead to further attacks. Intel CSME is a converged security management engine. Intel Trusted Execution Engine is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit)

Trust: 2.07

sources: NVD: CVE-2018-3655 // JVNDB: JVNDB-2018-008423 // BID: 105793 // VULHUB: VHN-133686 // VULMON: CVE-2018-3655

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:lteversion:11.11.50

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:4.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:lteversion:3.1.50

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:converged security management enginescope:lteversion:11.21.51

Trust: 1.0

vendor:intelmodel:converged security management enginescope:lteversion:11.8.50

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:csmescope:ltversion:11.21.55

Trust: 0.8

vendor:intelmodel:server platform servicesscope:ltversion:11.21.55

Trust: 0.8

vendor:intelmodel:trusted execution enginescope:ltversion:3.1.55

Trust: 0.8

vendor:intelmodel:trusted execution enginescope:eqversion:3.1.50.2222

Trust: 0.3

vendor:intelmodel:trusted execution enginescope:eqversion:3.0

Trust: 0.3

vendor:intelmodel:server platform services sps soc-x 04.00.04.0scope: - version: -

Trust: 0.3

vendor:intelmodel:server platform services sps soc-a 04.00.04.1scope: - version: -

Trust: 0.3

vendor:intelmodel:server platform services sps e5 04.00.04.340.scope: - version: -

Trust: 0.3

vendor:intelmodel:converged security management enginescope:eqversion:11.8.50.3399

Trust: 0.3

vendor:intelmodel:converged security management enginescope:eqversion:11.21.50.1400

Trust: 0.3

vendor:intelmodel:converged security management enginescope:eqversion:11.20

Trust: 0.3

vendor:intelmodel:converged security management enginescope:eqversion:11.11.50.1402

Trust: 0.3

vendor:intelmodel:converged security management enginescope:eqversion:11.10

Trust: 0.3

vendor:intelmodel:converged security management enginescope:eqversion:11.0

Trust: 0.3

vendor:intelmodel:trusted execution enginescope:neversion:3.1.55

Trust: 0.3

vendor:intelmodel:server platform services sps soc-a 04.00.04.1scope:neversion: -

Trust: 0.3

vendor:intelmodel:server platform services sps soc-a 04.00.04.0scope:neversion: -

Trust: 0.3

vendor:intelmodel:server platform services sps e5 04.00.04.381.scope:neversion: -

Trust: 0.3

vendor:intelmodel:converged security management enginescope:neversion:11.21.55

Trust: 0.3

vendor:intelmodel:converged security management enginescope:neversion:11.11.55

Trust: 0.3

vendor:intelmodel:converged security management enginescope:neversion:11.8.55

Trust: 0.3

sources: BID: 105793 // JVNDB: JVNDB-2018-008423 // NVD: CVE-2018-3655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3655
value: HIGH

Trust: 1.0

NVD: CVE-2018-3655
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201809-606
value: HIGH

Trust: 0.6

VULHUB: VHN-133686
value: LOW

Trust: 0.1

VULMON: CVE-2018-3655
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-3655
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-133686
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3655
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 5.8
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133686 // VULMON: CVE-2018-3655 // JVNDB: JVNDB-2018-008423 // CNNVD: CNNVD-201809-606 // NVD: CVE-2018-3655

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-133686 // JVNDB: JVNDB-2018-008423 // NVD: CVE-2018-3655

THREAT TYPE

local

Trust: 0.9

sources: BID: 105793 // CNNVD: CNNVD-201809-606

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201809-606

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008423

PATCH
title:INTEL-SA-00125url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html
Trust: 0.8
title:Intel CSME , Intel Server Platform Services  and Intel Trusted Execution Engine Subsystem security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84865
Trust: 0.6
title:HP: HPSBHF03592 rev. 3 - Intel Converged Security and Management Engine (CSME) and Power Management Controller (PMC) Security Updatesurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03592
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-3655 // 
            
            
            
            JVNDB: JVNDB-2018-008423 // 
            
            
            
            CNNVD: CNNVD-201809-606

EXTERNAL IDS
db:NVDid:CVE-2018-3655
Trust: 2.9
db:JVNDBid:JVNDB-2018-008423
Trust: 0.8
db:CNNVDid:CNNVD-201809-606
Trust: 0.7
db:BIDid:105793
Trust: 0.3
db:VULHUBid:VHN-133686
Trust: 0.1
db:VULMONid:CVE-2018-3655
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133686 // 
            
            
            
            VULMON: CVE-2018-3655 // 
            
            
            
            BID: 105793 // 
            
            
            
            JVNDB: JVNDB-2018-008423 // 
            
            
            
            CNNVD: CNNVD-201809-606 // 
            
            
            
            NVD: CVE-2018-3655

REFERENCES
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03873en_us
Trust: 2.5
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html
Trust: 2.1
url:https://security.netapp.com/advisory/ntap-20180924-0003/
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3655
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3655
Trust: 0.8
url:http://www.intel.com/
Trust: 0.3
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03873en_us
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/149866
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133686 // 
            
            
            
            VULMON: CVE-2018-3655 // 
            
            
            
            BID: 105793 // 
            
            
            
            JVNDB: JVNDB-2018-008423 // 
            
            
            
            CNNVD: CNNVD-201809-606 // 
            
            
            
            NVD: CVE-2018-3655

CREDITS
Dmitry Sklyarov and Maxim Goryachy from Positive Technologies
Trust: 0.3
sources:
            
            
            BID: 105793

SOURCES
db:VULHUBid:VHN-133686
db:VULMONid:CVE-2018-3655
db:BIDid:105793
db:JVNDBid:JVNDB-2018-008423
db:CNNVDid:CNNVD-201809-606
db:NVDid:CVE-2018-3655

LAST UPDATE DATE
2024-11-23T23:12:02.872000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133686date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-3655date:2019-10-03T00:00:00
db:BIDid:105793date:2018-09-11T00:00:00
db:JVNDBid:JVNDB-2018-008423date:2018-10-16T00:00:00
db:CNNVDid:CNNVD-201809-606date:2019-10-23T00:00:00
db:NVDid:CVE-2018-3655date:2024-11-21T04:05:50.727

SOURCES RELEASE DATE
db:VULHUBid:VHN-133686date:2018-09-12T00:00:00
db:VULMONid:CVE-2018-3655date:2018-09-12T00:00:00
db:BIDid:105793date:2018-09-11T00:00:00
db:JVNDBid:JVNDB-2018-008423date:2018-10-16T00:00:00
db:CNNVDid:CNNVD-201809-606date:2018-09-13T00:00:00
db:NVDid:CVE-2018-3655date:2018-09-12T19:29:02.683