Sign-up

ID

VAR-201811-0483


CVE

CVE-2018-3699


TITLE

Windows for Intel RAID Web Console v3 Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-012831

DESCRIPTION

Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to perform unauthorized actions such as reading, modifying, or deleting content, or inject malicious content. A remote attacker could exploit this vulnerability to elevate privileges

Trust: 1.98

sources: NVD: CVE-2018-3699 // JVNDB: JVNDB-2018-012831 // BID: 105992 // VULHUB: VHN-133730

AFFECTED PRODUCTS

vendor:intelmodel:raid web console 3scope:ltversion:4.186

Trust: 1.0

vendor:intelmodel:raid web console v3scope: - version: -

Trust: 0.8

vendor:intelmodel:raid web consolescope:eqversion:3

Trust: 0.3

vendor:intelmodel:raid web consolescope:neversion:4.186

Trust: 0.3

sources: BID: 105992 // JVNDB: JVNDB-2018-012831 // NVD: CVE-2018-3699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3699
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3699
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201811-443
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133730
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3699
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133730
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3699
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133730 // JVNDB: JVNDB-2018-012831 // CNNVD: CNNVD-201811-443 // NVD: CVE-2018-3699

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-133730 // JVNDB: JVNDB-2018-012831 // NVD: CVE-2018-3699

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-443

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201811-443

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012831

PATCH
title:INTEL-SA-00199url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00199.html
Trust: 0.8
title:Intel RAID Web Console for Windows Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86846
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-012831 // 
            
            
            
            CNNVD: CNNVD-201811-443

EXTERNAL IDS
db:NVDid:CVE-2018-3699
Trust: 2.8
db:BIDid:105992
Trust: 1.4
db:JVNDBid:JVNDB-2018-012831
Trust: 0.8
db:CNNVDid:CNNVD-201811-443
Trust: 0.7
db:VULHUBid:VHN-133730
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133730 // 
            
            
            
            BID: 105992 // 
            
            
            
            JVNDB: JVNDB-2018-012831 // 
            
            
            
            CNNVD: CNNVD-201811-443 // 
            
            
            
            NVD: CVE-2018-3699

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00199.html
Trust: 2.0
url:http://www.securityfocus.com/bid/105992
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3699
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3699
Trust: 0.8
url:http://www.intel.com/content/www/us/en/homepage.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-133730 // 
            
            
            
            BID: 105992 // 
            
            
            
            JVNDB: JVNDB-2018-012831 // 
            
            
            
            CNNVD: CNNVD-201811-443 // 
            
            
            
            NVD: CVE-2018-3699

CREDITS
Joe
Trust: 0.3
sources:
            
            
            BID: 105992

SOURCES
db:VULHUBid:VHN-133730
db:BIDid:105992
db:JVNDBid:JVNDB-2018-012831
db:CNNVDid:CNNVD-201811-443
db:NVDid:CVE-2018-3699

LAST UPDATE DATE
2024-11-23T22:41:39.193000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133730date:2018-12-31T00:00:00
db:BIDid:105992date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-012831date:2019-02-08T00:00:00
db:CNNVDid:CNNVD-201811-443date:2018-11-19T00:00:00
db:NVDid:CVE-2018-3699date:2024-11-21T04:05:54.650

SOURCES RELEASE DATE
db:VULHUBid:VHN-133730date:2018-11-14T00:00:00
db:BIDid:105992date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-012831date:2019-02-08T00:00:00
db:CNNVDid:CNNVD-201811-443date:2018-11-15T00:00:00
db:NVDid:CVE-2018-3699date:2018-11-14T14:29:00.503