Sign-up

ID

VAR-201903-0973


CVE

CVE-2018-12188


TITLE

Intel CSME and TXE Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014786

DESCRIPTION

Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access. Intel CSME and TXE Contains an input validation vulnerability.Information may be tampered with. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Attacks in close physical proximity exploit this vulnerability to modify data. Intel CSME before 11.8.60, before 11.11.60, before 11.22.60, before 12.0.20; Intel TXE before 3.1.60, before 4.0.10

Trust: 2.43

sources: NVD: CVE-2018-12188 // JVNDB: JVNDB-2018-014786 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122122

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:11.11.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:11.22.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:11.8.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:12.0.20

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:3.1.60

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:4.0.10

Trust: 1.8

vendor:intelmodel:converged security management enginescope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:4.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:12.0.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2018-014786 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12188

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12188
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12188
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-557
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122122
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-12188
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122122
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12188
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122122 // JVNDB: JVNDB-2018-014786 // CNNVD: CNNVD-201903-557 // NVD: CVE-2018-12188

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-122122 // JVNDB: JVNDB-2018-014786 // NVD: CVE-2018-12188

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-557

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014786

PATCH
title:INTEL-SA-00185url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
title:Intel Converged Security and Management Engine  and Intel TXE Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90145
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014786 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-557

EXTERNAL IDS
db:NVDid:CVE-2018-12188
Trust: 2.5
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2018-014786
Trust: 0.8
db:CNNVDid:CNNVD-201903-557
Trust: 0.7
db:LENOVOid:LEN-25083
Trust: 0.6
db:NSFOCUSid:42972
Trust: 0.6
db:VULHUBid:VHN-122122
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122122 // 
            
            
            
            JVNDB: JVNDB-2018-014786 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-557 // 
            
            
            
            NVD: CVE-2018-12188

REFERENCES
url:https://security.netapp.com/advisory/ntap-20190318-0001/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-12188
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12188
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
url:https://support.lenovo.com/us/en/solutions/len-25083
Trust: 0.6
url:http://www.nsfocus.net/vulndb/42972
Trust: 0.6
sources:
            
            
            VULHUB: VHN-122122 // 
            
            
            
            JVNDB: JVNDB-2018-014786 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-557 // 
            
            
            
            NVD: CVE-2018-12188

CREDITS
Intel ( http://www.intel.com/ )  ?? ??
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-557

SOURCES
db:VULHUBid:VHN-122122
db:JVNDBid:JVNDB-2018-014786
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-557
db:NVDid:CVE-2018-12188

LAST UPDATE DATE
2024-11-23T21:18:53.901000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122122date:2019-03-21T00:00:00
db:JVNDBid:JVNDB-2018-014786date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-557date:2019-08-29T00:00:00
db:NVDid:CVE-2018-12188date:2024-11-21T03:44:43.310

SOURCES RELEASE DATE
db:VULHUBid:VHN-122122date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2018-014786date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-557date:2019-03-14T00:00:00
db:NVDid:CVE-2018-12188date:2019-03-14T20:29:00.350