Sign-up

ID

VAR-201809-1103


CVE

CVE-2018-3643


TITLE

Intel Converged Security and Management Engine and Server Platform Services Firmware vulnerabilities related to authorization, authority, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-010983

DESCRIPTION

A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code. Intel Atom Processor C3000 Series Platform and other products are processor products of Intel Corporation of the United States. The Intel Power Management Controller is one of the power management controllers. A security vulnerability exists in the Intel Power Management Controller. A local attacker could exploit this vulnerability to escalate permissions or reveal information

Trust: 2.43

sources: NVD: CVE-2018-3643 // JVNDB: JVNDB-2018-010983 // CNVD: CNVD-2019-41628 // IVD: f691cf6e-9d50-48b4-8b54-12f77051a648 // VULHUB: VHN-133674

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: f691cf6e-9d50-48b4-8b54-12f77051a648 // CNVD: CNVD-2019-41628

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:12.0.6

Trust: 1.0

vendor:intelmodel:server platform servicesscope:ltversion:4.00.04

Trust: 1.0

vendor:intelmodel:converged security management enginescope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security and management enginescope:ltversion:11.8.55

Trust: 0.6

vendor:intelmodel:converged security and management enginescope:ltversion:11.11.55

Trust: 0.6

vendor:intelmodel:converged security and management enginescope:ltversion:11.21.55

Trust: 0.6

vendor:intelmodel:converged security and management enginescope:ltversion:12.0.6

Trust: 0.6

vendor:intelmodel:server platform servicesscope:eqversion:4.x.04

Trust: 0.6

vendor:intelmodel:converged security management enginescope:eqversion: -

Trust: 0.6

vendor:intelmodel:converged security management enginescope:eqversion:12.0.5

Trust: 0.6

vendor:converged security management enginemodel: - scope:eqversion:*

Trust: 0.2

vendor:server platform servicesmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: f691cf6e-9d50-48b4-8b54-12f77051a648 // CNVD: CNVD-2019-41628 // JVNDB: JVNDB-2018-010983 // CNNVD: CNNVD-201809-607 // NVD: CVE-2018-3643

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3643
value: HIGH

Trust: 1.0

NVD: CVE-2018-3643
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-41628
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201809-607
value: HIGH

Trust: 0.6

IVD: f691cf6e-9d50-48b4-8b54-12f77051a648
value: HIGH

Trust: 0.2

VULHUB: VHN-133674
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3643
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41628
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f691cf6e-9d50-48b4-8b54-12f77051a648
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-133674
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3643
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: IVD: f691cf6e-9d50-48b4-8b54-12f77051a648 // CNVD: CNVD-2019-41628 // VULHUB: VHN-133674 // JVNDB: JVNDB-2018-010983 // CNNVD: CNNVD-201809-607 // NVD: CVE-2018-3643

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-133674 // JVNDB: JVNDB-2018-010983 // NVD: CVE-2018-3643

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-607

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201809-607

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010983

PATCH
title:INTEL-SA-00131url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html
Trust: 0.8
title:Patch for Unknown vulnerabilities in Intel Power Management Controllerurl:https://www.cnvd.org.cn/patchInfo/show/191341
Trust: 0.6
title:Intel Power Management Controller Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84866
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41628 // 
            
            
            
            JVNDB: JVNDB-2018-010983 // 
            
            
            
            CNNVD: CNNVD-201809-607

EXTERNAL IDS
db:NVDid:CVE-2018-3643
Trust: 3.3
db:CNNVDid:CNNVD-201809-607
Trust: 0.9
db:CNVDid:CNVD-2019-41628
Trust: 0.8
db:JVNDBid:JVNDB-2018-010983
Trust: 0.8
db:IVDid:F691CF6E-9D50-48B4-8B54-12F77051A648
Trust: 0.2
db:VULHUBid:VHN-133674
Trust: 0.1
sources:
            
            
            IVD: f691cf6e-9d50-48b4-8b54-12f77051a648 // 
            
            
            
            CNVD: CNVD-2019-41628 // 
            
            
            
            VULHUB: VHN-133674 // 
            
            
            
            JVNDB: JVNDB-2018-010983 // 
            
            
            
            CNNVD: CNNVD-201809-607 // 
            
            
            
            NVD: CVE-2018-3643

REFERENCES
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03873en_us
Trust: 2.4
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html
Trust: 2.3
url:https://security.netapp.com/advisory/ntap-20180924-0002/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3643
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3643
Trust: 0.8
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03873en_us
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-41628 // 
            
            
            
            VULHUB: VHN-133674 // 
            
            
            
            JVNDB: JVNDB-2018-010983 // 
            
            
            
            CNNVD: CNNVD-201809-607 // 
            
            
            
            NVD: CVE-2018-3643

SOURCES
db:IVDid:f691cf6e-9d50-48b4-8b54-12f77051a648
db:CNVDid:CNVD-2019-41628
db:VULHUBid:VHN-133674
db:JVNDBid:JVNDB-2018-010983
db:CNNVDid:CNNVD-201809-607
db:NVDid:CVE-2018-3643

LAST UPDATE DATE
2024-11-23T22:06:36.484000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-41628date:2019-11-21T00:00:00
db:VULHUBid:VHN-133674date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-010983date:2018-12-28T00:00:00
db:CNNVDid:CNNVD-201809-607date:2019-10-23T00:00:00
db:NVDid:CVE-2018-3643date:2024-11-21T04:05:49.770

SOURCES RELEASE DATE
db:IVDid:f691cf6e-9d50-48b4-8b54-12f77051a648date:2019-11-21T00:00:00
db:CNVDid:CNVD-2019-41628date:2019-11-21T00:00:00
db:VULHUBid:VHN-133674date:2018-09-12T00:00:00
db:JVNDBid:JVNDB-2018-010983date:2018-12-28T00:00:00
db:CNNVDid:CNNVD-201809-607date:2018-09-13T00:00:00
db:NVDid:CVE-2018-3643date:2018-09-12T19:29:02.557