Sign-up

ID

VAR-201903-0961


CVE

CVE-2018-12208


TITLE

plural Intel Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014777

DESCRIPTION

Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access. Intel(R) CSME , TXE , Server Platform Services Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Intel Converged Security and Management Engine (CSME) and others are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel Server Platform Services is a server platform service program. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). The HECI subsystem is one of the host embedded controller interface subsystems. An attacker in physical proximity could exploit this vulnerability to execute arbitrary code. The following products and versions are affected: Intel CSME prior to 11.8.60, prior to 11.11.60, prior to 11.22.60, prior to 12.0.20; Intel TXE prior to 3.1.60, prior to 4.0.10; Intel Server Platform Services earlier than 5.00.04.012

Trust: 2.43

sources: NVD: CVE-2018-12208 // JVNDB: JVNDB-2018-014777 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122144

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:11.11.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:11.22.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:11.8.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:12.0.20

Trust: 1.8

vendor:intelmodel:server platform servicesscope:ltversion:5.00.04.012

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:3.1.60

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:4.0.10

Trust: 1.8

vendor:intelmodel:converged security management enginescope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:4.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:12.0.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2018-014777 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12208

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12208
value: HIGH

Trust: 1.0

NVD: CVE-2018-12208
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-546
value: HIGH

Trust: 0.6

VULHUB: VHN-122144
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-12208
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122144
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12208
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122144 // JVNDB: JVNDB-2018-014777 // CNNVD: CNNVD-201903-546 // NVD: CVE-2018-12208

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-122144 // JVNDB: JVNDB-2018-014777 // NVD: CVE-2018-12208

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-546

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014777

PATCH
title:INTEL-SA-00185url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
title:Intel Converged Security and Management Engine , Intel TXE  and Intel Server Platform Services HECI Fixes for Subsystem Buffer Error Vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90135
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014777 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-546

EXTERNAL IDS
db:NVDid:CVE-2018-12208
Trust: 2.5
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2018-014777
Trust: 0.8
db:CNNVDid:CNNVD-201903-546
Trust: 0.7
db:VULHUBid:VHN-122144
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122144 // 
            
            
            
            JVNDB: JVNDB-2018-014777 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-546 // 
            
            
            
            NVD: CVE-2018-12208

REFERENCES
url:https://security.netapp.com/advisory/ntap-20190318-0001/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 1.7
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03914en_us
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-12208
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12208
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03914en_us
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122144 // 
            
            
            
            JVNDB: JVNDB-2018-014777 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-546 // 
            
            
            
            NVD: CVE-2018-12208

SOURCES
db:VULHUBid:VHN-122144
db:JVNDBid:JVNDB-2018-014777
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-546
db:NVDid:CVE-2018-12208

LAST UPDATE DATE
2024-11-23T19:31:03.688000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122144date:2019-04-04T00:00:00
db:JVNDBid:JVNDB-2018-014777date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-546date:2019-04-08T00:00:00
db:NVDid:CVE-2018-12208date:2024-11-21T03:44:46.920

SOURCES RELEASE DATE
db:VULHUBid:VHN-122144date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2018-014777date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-546date:2019-03-14T00:00:00
db:NVDid:CVE-2018-12208date:2019-03-14T20:29:00.850