Sign-up

ID

VAR-201811-0480


CVE

CVE-2018-3696


TITLE

Windows for Intel RAID Web Console 3 Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012844

DESCRIPTION

Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access. Successfully exploiting this issue can allow an attacker to obtain sensitive information that may aid in launching further attacks

Trust: 1.98

sources: NVD: CVE-2018-3696 // JVNDB: JVNDB-2018-012844 // BID: 106028 // VULHUB: VHN-133727

AFFECTED PRODUCTS

vendor:intelmodel:raid web console 3scope:ltversion:4.186

Trust: 1.0

vendor:intelmodel:raid web console v3scope:ltversion:4.186

Trust: 0.8

vendor:intelmodel:raid web consolescope:eqversion:3

Trust: 0.3

vendor:intelmodel:raid web consolescope:neversion:4.186

Trust: 0.3

sources: BID: 106028 // JVNDB: JVNDB-2018-012844 // NVD: CVE-2018-3696

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3696
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3696
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201811-440
value: LOW

Trust: 0.6

VULHUB: VHN-133727
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-3696
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133727
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3696
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133727 // JVNDB: JVNDB-2018-012844 // CNNVD: CNNVD-201811-440 // NVD: CVE-2018-3696

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-133727 // JVNDB: JVNDB-2018-012844 // NVD: CVE-2018-3696

THREAT TYPE

local

Trust: 0.9

sources: BID: 106028 // CNNVD: CNNVD-201811-440

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201811-440

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012844

PATCH
title:INTEL-SA-00196url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00196.html
Trust: 0.8
title:Intel RAID Web Console for Windows Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86838
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-012844 // 
            
            
            
            CNNVD: CNNVD-201811-440

EXTERNAL IDS
db:NVDid:CVE-2018-3696
Trust: 2.8
db:BIDid:106028
Trust: 1.4
db:JVNDBid:JVNDB-2018-012844
Trust: 0.8
db:CNNVDid:CNNVD-201811-440
Trust: 0.7
db:VULHUBid:VHN-133727
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133727 // 
            
            
            
            BID: 106028 // 
            
            
            
            JVNDB: JVNDB-2018-012844 // 
            
            
            
            CNNVD: CNNVD-201811-440 // 
            
            
            
            NVD: CVE-2018-3696

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00196.html
Trust: 2.0
url:http://www.securityfocus.com/bid/106028
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3696
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3696
Trust: 0.8
url:http://www.intel.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-133727 // 
            
            
            
            BID: 106028 // 
            
            
            
            JVNDB: JVNDB-2018-012844 // 
            
            
            
            CNNVD: CNNVD-201811-440 // 
            
            
            
            NVD: CVE-2018-3696

CREDITS
Joe Standing
Trust: 0.3
sources:
            
            
            BID: 106028

SOURCES
db:VULHUBid:VHN-133727
db:BIDid:106028
db:JVNDBid:JVNDB-2018-012844
db:CNNVDid:CNNVD-201811-440
db:NVDid:CVE-2018-3696

LAST UPDATE DATE
2024-11-23T23:08:33.363000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133727date:2018-12-31T00:00:00
db:BIDid:106028date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-012844date:2019-02-08T00:00:00
db:CNNVDid:CNNVD-201811-440date:2018-11-21T00:00:00
db:NVDid:CVE-2018-3696date:2024-11-21T04:05:54.290

SOURCES RELEASE DATE
db:VULHUBid:VHN-133727date:2018-11-14T00:00:00
db:BIDid:106028date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-012844date:2019-02-08T00:00:00
db:CNNVDid:CNNVD-201811-440date:2018-11-15T00:00:00
db:NVDid:CVE-2018-3696date:2018-11-14T14:29:00.393