ID

VAR-201903-0977


CVE

CVE-2018-12192


TITLE

Intel CSME and Server Platform Services Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014760

DESCRIPTION

Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access. Intel CSME and Server Platform Services contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Both Intel Converged Security and Management Engine (CSME) and Intel Server Platform Services (SPS) are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. The Kernel subsystem is one of its kernel subsystems. Attackers can exploit this vulnerability to bypass MEBx authentication.

Trust: 2.43

sources: NVD: CVE-2018-12192 // JVNDB: JVNDB-2018-014760 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122127

AFFECTED PRODUCTS

vendor: intel // model: converged security management engine // scope: lt // version: 11.11.60

Trust: 1.8

vendor: intel // model: converged security management engine // scope: lt // version: 11.22.60

Trust: 1.8

vendor: intel // model: converged security management engine // scope: lt // version: 11.8.60

Trust: 1.8

vendor: intel // model: converged security management engine // scope: lt // version: 12.0.20

Trust: 1.8

vendor: intel // model: server platform services // scope: lt // version: sps_e5_04.00.04.393.0

Trust: 1.8

vendor: intel // model: converged security management engine // scope: gte // version: 11.10

Trust: 1.0

vendor: intel // model: converged security management engine // scope: gte // version: 11.20

Trust: 1.0

vendor: intel // model: converged security management engine // scope: gte // version: 12.0.0

Trust: 1.0

vendor: intel // model: converged security management engine // scope: gte // version: 11.0

Trust: 1.0

vendor: intel // model: accelerated storage manager // scope: - // version: -

Trust: 0.8

vendor: intel // model: active management technology // scope: - // version: -

Trust: 0.8

vendor: intel // model: csme // scope: - // version: -

Trust: 0.8

vendor: intel // model: matrix storage manager // scope: - // version: -

Trust: 0.8

vendor: intel // model: server platform services // scope: - // version: -

Trust: 0.8

vendor: intel // model: sgx sdk // scope: - // version: -

Trust: 0.8

vendor: intel // model: trusted execution engine // scope: - // version: -

Trust: 0.8

vendor: intel // model: usb 3.0 creator utility // scope: - // version: -

Trust: 0.8

vendor: intel // model: intel // scope: - // version: -

Trust: 0.8

vendor: intel // model: graphics driver // scope: eq // version: for windows

Trust: 0.8

sources: JVNDB: JVNDB-2018-014760 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12192

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12192
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12192
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-566
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122127
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-12192
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122127
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12192
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122127 // JVNDB: JVNDB-2018-014760 // CNNVD: CNNVD-201903-566 // NVD: CVE-2018-12192

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-122127 // JVNDB: JVNDB-2018-014760 // NVD: CVE-2018-12192

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201903-566

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014760

PATCH

title: INTEL-SA-00185 // url: https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html

Trust: 0.8

title: INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisory // url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html

Trust: 0.8

title: INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisory // url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html

Trust: 0.8

title: INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisory // url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html

Trust: 0.8

title: INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisory // url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html

Trust: 0.8

title: INTEL-SA-00216 - Intel Matrix Storage Manager Advisory // url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html

Trust: 0.8

title: INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisory // url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html

Trust: 0.8

title: INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisory // url: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html

Trust: 0.8

title: Intel Converged Security and Management Engine and Intel Server Platform Services Kernel Subsystem security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90153

Trust: 0.6

sources: JVNDB: JVNDB-2018-014760 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-566

EXTERNAL IDS

db: NVD // id: CVE-2018-12192

Trust: 2.5

db: JVN // id: JVNVU98344681

Trust: 1.6

db: JVNDB // id: JVNDB-2019-001582

Trust: 1.6

db: JVNDB // id: JVNDB-2018-014760

Trust: 0.8

db: LENOVO // id: LEN-25083

Trust: 0.6

db: CNNVD // id: CNNVD-201903-566

Trust: 0.6

db: CNVD // id: CNVD-2020-18574

Trust: 0.1

db: VULHUB // id: VHN-122127

Trust: 0.1

sources: VULHUB: VHN-122127 // JVNDB: JVNDB-2018-014760 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-566 // NVD: CVE-2018-12192

REFERENCES

url:https://security.netapp.com/advisory/ntap-20190318-0001/

Trust: 1.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html

Trust: 1.7

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03914en_us

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-12192

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12192

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98344681/

Trust: 0.8

url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98344681

Trust: 0.8

url:https://support.lenovo.com/us/en/solutions/len-25083

Trust: 0.6

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03914en_us

Trust: 0.1

sources: VULHUB: VHN-122127 // JVNDB: JVNDB-2018-014760 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-566 // NVD: CVE-2018-12192

SOURCES

db: VULHUB // id: VHN-122127
db: JVNDB // id: JVNDB-2018-014760
db: JVNDB // id: JVNDB-2019-001582
db: CNNVD // id: CNNVD-201903-566
db: NVD // id: CVE-2018-12192

LAST UPDATE DATE

2024-11-23T20:12:48.865000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-122127 // date: 2019-04-04T00:00:00
db: JVNDB // id: JVNDB-2018-014760 // date: 2019-04-10T00:00:00
db: JVNDB // id: JVNDB-2019-001582 // date: 2019-03-15T00:00:00
db: CNNVD // id: CNNVD-201903-566 // date: 2019-08-29T00:00:00
db: NVD // id: CVE-2018-12192 // date: 2024-11-21T03:44:43.777

SOURCES RELEASE DATE

db: VULHUB // id: VHN-122127 // date: 2019-03-14T00:00:00
db: JVNDB // id: JVNDB-2018-014760 // date: 2019-04-10T00:00:00
db: JVNDB // id: JVNDB-2019-001582 // date: 2019-03-15T00:00:00
db: CNNVD // id: CNNVD-201903-566 // date: 2019-03-14T00:00:00
db: NVD // id: CVE-2018-12192 // date: 2019-03-14T20:29:00.490