Sign-up

ID

VAR-201812-0029


CVE

CVE-2018-12155


TITLE

Intel IPP Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-012773

DESCRIPTION

Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access. Intel IPP Contains an information disclosure vulnerability.Information may be obtained. Intel Integrated Performance Primitives (IPP) is a set of programming tools used by Intel Corporation for processing images, signal processing and data. There is a security vulnerability in the cryptographic library in versions prior to Intel IPP 2019 update1. A local attacker could exploit this vulnerability to cause information disclosure

Trust: 1.71

sources: NVD: CVE-2018-12155 // JVNDB: JVNDB-2018-012773 // VULHUB: VHN-122086

AFFECTED PRODUCTS

vendor:intelmodel:integrated performance primitivesscope:eqversion:2019

Trust: 1.6

vendor:intelmodel:integrated performance primitivesscope:ltversion:2019

Trust: 1.0

vendor:intelmodel:integrated performance primitivesscope:ltversion:2019 update1

Trust: 0.8

sources: JVNDB: JVNDB-2018-012773 // CNNVD: CNNVD-201812-181 // NVD: CVE-2018-12155

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12155
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12155
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201812-181
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122086
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-12155
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122086
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12155
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122086 // JVNDB: JVNDB-2018-012773 // CNNVD: CNNVD-201812-181 // NVD: CVE-2018-12155

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-122086 // JVNDB: JVNDB-2018-012773 // NVD: CVE-2018-12155

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-181

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201812-181

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012773

PATCH
title:INTEL-SA-00202url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html
Trust: 0.8
title:Intel Integrated Performance Primitives Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87468
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-012773 // 
            
            
            
            CNNVD: CNNVD-201812-181

EXTERNAL IDS
db:NVDid:CVE-2018-12155
Trust: 2.5
db:LENOVOid:LEN-25662
Trust: 1.7
db:JVNDBid:JVNDB-2018-012773
Trust: 0.8
db:CNNVDid:CNNVD-201812-181
Trust: 0.7
db:VULHUBid:VHN-122086
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122086 // 
            
            
            
            JVNDB: JVNDB-2018-012773 // 
            
            
            
            CNNVD: CNNVD-201812-181 // 
            
            
            
            NVD: CVE-2018-12155

REFERENCES
url:http://support.lenovo.com/us/en/solutions/len-25662
Trust: 2.3
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12155
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-12155
Trust: 0.8
sources:
            
            
            VULHUB: VHN-122086 // 
            
            
            
            JVNDB: JVNDB-2018-012773 // 
            
            
            
            CNNVD: CNNVD-201812-181 // 
            
            
            
            NVD: CVE-2018-12155

SOURCES
db:VULHUBid:VHN-122086
db:JVNDBid:JVNDB-2018-012773
db:CNNVDid:CNNVD-201812-181
db:NVDid:CVE-2018-12155

LAST UPDATE DATE
2024-11-23T22:17:15.155000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122086date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-012773date:2019-02-07T00:00:00
db:CNNVDid:CNNVD-201812-181date:2019-08-29T00:00:00
db:NVDid:CVE-2018-12155date:2024-11-21T03:44:40.273

SOURCES RELEASE DATE
db:VULHUBid:VHN-122086date:2018-12-05T00:00:00
db:JVNDBid:JVNDB-2018-012773date:2019-02-07T00:00:00
db:CNNVDid:CNNVD-201812-181date:2018-12-06T00:00:00
db:NVDid:CVE-2018-12155date:2018-12-05T21:29:00.467