Details of VAR-201812-0287

ID

VAR-201812-0287

CVE

CVE-2018-18093

TITLE

Intel VTune Amplifier Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-014038

DESCRIPTION

Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access. Intel VTune Amplifier Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel VTune Amplifier is a set of performance analysis tools of Intel Corporation of the United States. This product is mainly used for performance analysis of high-performance computing, IoT embedded applications, device drivers and game engines. The installer in Intel VTune Amplifier 2018 Update 3 and earlier has a security vulnerability. A local attacker could use this vulnerability to elevate privileges

Trust: 2.79

sources: NVD: CVE-2018-18093 // JVNDB: JVNDB-2018-014038 // CNVD: CNVD-2018-26027 // CNNVD: CNNVD-201812-669 // VULHUB: VHN-128618

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-26027

AFFECTED PRODUCTS

vendor:	intel	model:	vtune amplifier	scope:	lte	version:	2018	Trust: 1.0
vendor:	intel	model:	vtune amplifier	scope:	eq	version:	2018	Trust: 1.0
vendor:	intel	model:	vtune amplifier	scope:	lte	version:	2018 update 3	Trust: 0.8
vendor:	intel	model:	vtune amplifier update	scope:	lte	version:	<=20183	Trust: 0.6

sources: CNVD: CNVD-2018-26027 // JVNDB: JVNDB-2018-014038 // NVD: CVE-2018-18093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-18093
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-18093
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-26027
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201812-669
value:	HIGH
Trust: 0.6
VULHUB:	VHN-128618
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-18093
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-26027
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-128618
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-18093
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-26027 // VULHUB: VHN-128618 // JVNDB: JVNDB-2018-014038 // CNNVD: CNNVD-201812-669 // NVD: CVE-2018-18093

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-128618 // JVNDB: JVNDB-2018-014038 // NVD: CVE-2018-18093

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201812-669

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201812-669

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014038

PATCH

title:	INTEL-SA-00194	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00194.html	Trust: 0.8
title:	Patch for Intel VTune Amplifier Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/147473	Trust: 0.6
title:	Intel VTune Amplifier Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87905	Trust: 0.6

sources: CNVD: CNVD-2018-26027 // JVNDB: JVNDB-2018-014038 // CNNVD: CNNVD-201812-669

EXTERNAL IDS

db:	NVD	id:	CVE-2018-18093	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-014038	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-669	Trust: 0.7
db:	CNVD	id:	CNVD-2018-26027	Trust: 0.6
db:	VULHUB	id:	VHN-128618	Trust: 0.1

sources: CNVD: CNVD-2018-26027 // VULHUB: VHN-128618 // JVNDB: JVNDB-2018-014038 // CNNVD: CNNVD-201812-669 // NVD: CVE-2018-18093

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00194.html	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18093	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18093	Trust: 0.8

sources: CNVD: CNVD-2018-26027 // VULHUB: VHN-128618 // JVNDB: JVNDB-2018-014038 // CNNVD: CNNVD-201812-669 // NVD: CVE-2018-18093

SOURCES

db:	CNVD	id:	CNVD-2018-26027
db:	VULHUB	id:	VHN-128618
db:	JVNDB	id:	JVNDB-2018-014038
db:	CNNVD	id:	CNNVD-201812-669
db:	NVD	id:	CVE-2018-18093

LAST UPDATE DATE

2024-11-23T22:21:52.680000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-26027	date:	2018-12-20T00:00:00
db:	VULHUB	id:	VHN-128618	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-014038	date:	2019-03-11T00:00:00
db:	CNNVD	id:	CNNVD-201812-669	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-18093	date:	2024-11-21T03:55:28.140

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-26027	date:	2018-12-18T00:00:00
db:	VULHUB	id:	VHN-128618	date:	2018-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-014038	date:	2019-03-11T00:00:00
db:	CNNVD	id:	CNNVD-201812-669	date:	2018-12-14T00:00:00
db:	NVD	id:	CVE-2018-18093	date:	2018-12-14T00:29:01.237