Sign-up

ID

VAR-201809-1076


CVE

CVE-2018-3659


TITLE

Intel CSME firmware and TXE Firmware vulnerabilities related to authorization, authority, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-010879

DESCRIPTION

A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access. Both Intel CSME and Intel TXE are products of Intel Corporation of the United States. Intel CSME is a converged security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel PTT module is one of the trusted platform modules. An attacker in physical proximity could exploit this vulnerability to disclose information

Trust: 1.71

sources: NVD: CVE-2018-3659 // JVNDB: JVNDB-2018-010879 // VULHUB: VHN-133690

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:12.0.5

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:4.0

Trust: 1.8

vendor:intelmodel:converged security management enginescope:eqversion: -

Trust: 0.6

vendor:intelmodel:trusted execution enginescope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2018-010879 // CNNVD: CNNVD-201809-603 // NVD: CVE-2018-3659

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3659
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3659
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-603
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133690
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3659
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133690
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3659
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133690 // JVNDB: JVNDB-2018-010879 // CNNVD: CNNVD-201809-603 // NVD: CVE-2018-3659

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-133690 // JVNDB: JVNDB-2018-010879 // NVD: CVE-2018-3659

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-603

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201809-603

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010879

PATCH
title:INTEL-SA-00142url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html
Trust: 0.8
title:Intel CSME  and Intel TXE PTT Repair measures for module security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84862
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-010879 // 
            
            
            
            CNNVD: CNNVD-201809-603

EXTERNAL IDS
db:NVDid:CVE-2018-3659
Trust: 2.5
db:JVNDBid:JVNDB-2018-010879
Trust: 0.8
db:CNNVDid:CNNVD-201809-603
Trust: 0.7
db:VULHUBid:VHN-133690
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133690 // 
            
            
            
            JVNDB: JVNDB-2018-010879 // 
            
            
            
            CNNVD: CNNVD-201809-603 // 
            
            
            
            NVD: CVE-2018-3659

REFERENCES
url:https://security.netapp.com/advisory/ntap-20180924-0003/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3659
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3659
Trust: 0.8
sources:
            
            
            VULHUB: VHN-133690 // 
            
            
            
            JVNDB: JVNDB-2018-010879 // 
            
            
            
            CNNVD: CNNVD-201809-603 // 
            
            
            
            NVD: CVE-2018-3659

SOURCES
db:VULHUBid:VHN-133690
db:JVNDBid:JVNDB-2018-010879
db:CNNVDid:CNNVD-201809-603
db:NVDid:CVE-2018-3659

LAST UPDATE DATE
2024-11-23T22:12:20.330000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133690date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-010879date:2018-12-27T00:00:00
db:CNNVDid:CNNVD-201809-603date:2019-10-23T00:00:00
db:NVDid:CVE-2018-3659date:2024-11-21T04:05:51.160

SOURCES RELEASE DATE
db:VULHUBid:VHN-133690date:2018-09-12T00:00:00
db:JVNDBid:JVNDB-2018-010879date:2018-12-27T00:00:00
db:CNNVDid:CNNVD-201809-603date:2018-09-13T00:00:00
db:NVDid:CVE-2018-3659date:2018-09-12T19:29:03.107