Sign-up

ID

VAR-201903-0974


CVE

CVE-2018-12189


TITLE

Intel CSME and TXE Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-014785

DESCRIPTION

Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access. Intel CSME and TXE Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Content Protection subsystem is one of the content protection subsystems. A local attacker could exploit this vulnerability to modify data. The following products and versions are affected: Intel CSME prior to 11.8.60, prior to 11.11.60, prior to 11.22.60, prior to 12.0.20; Intel TXE prior to 3.1.60, prior to 4.0.10

Trust: 2.43

sources: NVD: CVE-2018-12189 // JVNDB: JVNDB-2018-014785 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122123

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:11.11.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:11.22.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:11.8.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:12.0.20

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:3.1.60

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:4.0.10

Trust: 1.8

vendor:intelmodel:converged security management enginescope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:4.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:12.0.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2018-014785 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12189

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12189
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12189
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-559
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122123
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-12189
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122123
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12189
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122123 // JVNDB: JVNDB-2018-014785 // CNNVD: CNNVD-201903-559 // NVD: CVE-2018-12189

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-122123 // JVNDB: JVNDB-2018-014785 // NVD: CVE-2018-12189

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-559

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201903-559

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014785

PATCH
title:INTEL-SA-00185url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
title:Intel Converged Security and Management Engine  and Intel TXE Content Protection Subsystem security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90147
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014785 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-559

EXTERNAL IDS
db:NVDid:CVE-2018-12189
Trust: 2.5
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2018-014785
Trust: 0.8
db:CNNVDid:CNNVD-201903-559
Trust: 0.7
db:LENOVOid:LEN-25083
Trust: 0.6
db:NSFOCUSid:42973
Trust: 0.6
db:VULHUBid:VHN-122123
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122123 // 
            
            
            
            JVNDB: JVNDB-2018-014785 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-559 // 
            
            
            
            NVD: CVE-2018-12189

REFERENCES
url:https://security.netapp.com/advisory/ntap-20190318-0001/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-12189
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12189
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
url:https://support.lenovo.com/us/en/solutions/len-25083
Trust: 0.6
url:http://www.nsfocus.net/vulndb/42973
Trust: 0.6
sources:
            
            
            VULHUB: VHN-122123 // 
            
            
            
            JVNDB: JVNDB-2018-014785 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-559 // 
            
            
            
            NVD: CVE-2018-12189

CREDITS
Intel ( http://www.intel.com/ )  ?? ??
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-559

SOURCES
db:VULHUBid:VHN-122123
db:JVNDBid:JVNDB-2018-014785
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-559
db:NVDid:CVE-2018-12189

LAST UPDATE DATE
2024-11-23T20:28:29.824000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122123date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-014785date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-559date:2019-10-08T00:00:00
db:NVDid:CVE-2018-12189date:2024-11-21T03:44:43.417

SOURCES RELEASE DATE
db:VULHUBid:VHN-122123date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2018-014785date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-559date:2019-03-14T00:00:00
db:NVDid:CVE-2018-12189date:2019-03-14T20:29:00.397