Sign-up

ID

VAR-201903-0971


CVE

CVE-2018-12185


TITLE

Intel(R) CSME Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014784

DESCRIPTION

Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access. Intel(R) CSME Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. Intel AMT is one of the active management technology modules. A security vulnerability exists in Intel AMT in Intel CSME due to the program's failure to perform adequate input validation. An attacker in physical proximity could exploit this vulnerability to execute arbitrary code. The following versions are affected: Intel CSME prior to 11.8.60, prior to 11.11.60, prior to 11.22.60, prior to 12.0.20

Trust: 2.43

sources: NVD: CVE-2018-12185 // JVNDB: JVNDB-2018-014784 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122119

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:11.11.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:11.22.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:11.8.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:12.0.20

Trust: 1.8

vendor:intelmodel:converged security management enginescope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:12.0.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2018-014784 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12185

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12185
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12185
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-552
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122119
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-12185
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122119
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12185
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122119 // JVNDB: JVNDB-2018-014784 // CNNVD: CNNVD-201903-552 // NVD: CVE-2018-12185

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-122119 // JVNDB: JVNDB-2018-014784 // NVD: CVE-2018-12185

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-552

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014784

PATCH
title:INTEL-SA-00185url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
title:Intel Converged Security and Management Engine Intel AMT Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90141
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014784 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-552

EXTERNAL IDS
db:NVDid:CVE-2018-12185
Trust: 2.5
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2018-014784
Trust: 0.8
db:CNNVDid:CNNVD-201903-552
Trust: 0.7
db:LENOVOid:LEN-25083
Trust: 0.6
db:NSFOCUSid:42976
Trust: 0.6
db:VULHUBid:VHN-122119
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122119 // 
            
            
            
            JVNDB: JVNDB-2018-014784 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-552 // 
            
            
            
            NVD: CVE-2018-12185

REFERENCES
url:https://security.netapp.com/advisory/ntap-20190318-0001/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-12185
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12185
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
url:https://support.lenovo.com/us/en/solutions/len-25083
Trust: 0.6
url:http://www.nsfocus.net/vulndb/42976
Trust: 0.6
sources:
            
            
            VULHUB: VHN-122119 // 
            
            
            
            JVNDB: JVNDB-2018-014784 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-552 // 
            
            
            
            NVD: CVE-2018-12185

CREDITS
Intel ( http://www.intel.com/ )  ?? ??
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-552

SOURCES
db:VULHUBid:VHN-122119
db:JVNDBid:JVNDB-2018-014784
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-552
db:NVDid:CVE-2018-12185

LAST UPDATE DATE
2024-11-23T20:04:18.966000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122119date:2019-03-21T00:00:00
db:JVNDBid:JVNDB-2018-014784date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-552date:2019-08-29T00:00:00
db:NVDid:CVE-2018-12185date:2024-11-21T03:44:43.067

SOURCES RELEASE DATE
db:VULHUBid:VHN-122119date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2018-014784date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-552date:2019-03-14T00:00:00
db:NVDid:CVE-2018-12185date:2019-03-14T20:29:00.257