Details of VAR-201810-0095

ID

VAR-201810-0095

CVE

CVE-2018-12158

TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2018-008201

DESCRIPTION

Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * information leak * any WebGL Code execution. Intel NUC FW kits is a mini desktop computer produced by Intel Corporation. The BIOS update utility is one of the BIOS() update utilities. A local attacker could exploit this vulnerability to cause denial of service or information disclosure

Trust: 1.71

sources: NVD: CVE-2018-12158 // JVNDB: JVNDB-2018-008201 // VULHUB: VHN-122089

AFFECTED PRODUCTS

vendor:	intel	model:	next unit of computing	scope:	lt	version:	2018-05-24	Trust: 1.0
vendor:	intel	model:	nuc kits	scope:	eq	version:	2018 year 5 moon 24 before the japanese version	Trust: 0.8
vendor:	intel	model:	quickassist technology	scope:	eq	version:	for linux version 4.2	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	eq	version:	10.18.x.5056 (aka 15.33.x.5056)	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	eq	version:	10.18.x.5057 (aka 15.36.x.5057)	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	eq	version:	20.19.x.5058 (aka 15.40.x.5058)	Trust: 0.8

sources: JVNDB: JVNDB-2018-008201 // NVD: CVE-2018-12158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-12158
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-201810-534
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-122089
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-12158
severity:	MEDIUM
baseScore:	5.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-122089
severity:	MEDIUM
baseScore:	5.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-12158
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.2
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-122089 // CNNVD: CNNVD-201810-534 // NVD: CVE-2018-12158

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-20	Trust: 0.1

sources: VULHUB: VHN-122089 // NVD: CVE-2018-12158

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-534

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-534

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008201

PATCH

title:	INTEL-OSS-10005 - Intel QuickAssist Technology for Linux Advisory	url:	https://01.org/security/advisories/intel-oss-10005	Trust: 0.8
title:	INTEL-SA-00166 - Intel Graphics Driver Unified Shader Compiler Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html	Trust: 0.8
title:	INTEL-SA-00168 - Intel NUC Bios Updater Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html	Trust: 0.8
title:	Intel NUC FW kits Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85665	Trust: 0.6

sources: JVNDB: JVNDB-2018-008201 // CNNVD: CNNVD-201810-534

EXTERNAL IDS

db:	NVD	id:	CVE-2018-12158	Trust: 2.5
db:	JVN	id:	JVNVU99973215	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-008201	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-534	Trust: 0.7
db:	CNVD	id:	CNVD-2020-18577	Trust: 0.1
db:	VULHUB	id:	VHN-122089	Trust: 0.1

sources: VULHUB: VHN-122089 // JVNDB: JVNDB-2018-008201 // CNNVD: CNNVD-201810-534 // NVD: CVE-2018-12158

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12152	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12158	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12153	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12154	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12193	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99973215/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12158	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12193	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12152	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12153	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12154	Trust: 0.8

sources: VULHUB: VHN-122089 // JVNDB: JVNDB-2018-008201 // CNNVD: CNNVD-201810-534 // NVD: CVE-2018-12158

SOURCES

db:	VULHUB	id:	VHN-122089
db:	JVNDB	id:	JVNDB-2018-008201
db:	CNNVD	id:	CNNVD-201810-534
db:	NVD	id:	CVE-2018-12158

LAST UPDATE DATE

2024-11-23T19:47:09.315000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-122089	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-008201	date:	2019-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201810-534	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-12158	date:	2024-11-21T03:44:40.410

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-122089	date:	2018-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-008201	date:	2018-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201810-534	date:	2018-10-11T00:00:00
db:	NVD	id:	CVE-2018-12158	date:	2018-10-10T18:29:04.047