Sign-up

ID

VAR-201903-0988


CVE

CVE-2018-12201


TITLE

Platform Sample and Silicon Reference Firmware buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014798

DESCRIPTION

Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access. Platform Sample and Silicon Reference The firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. are all products of Intel Corporation of the United States. The 8th Generation Intel Core Processor is an eighth generation Core series central processing unit (CPU). 7th Generation Intel Core Processor is a seventh generation Core series central processing unit (CPU). Intel Pentium Silver J5005 Processor is a Pentium series processor. A buffer overflow vulnerability exists in the Platform Sample/Silicon Reference firmware in several Intel products. A local attacker could exploit this vulnerability to execute arbitrary code

Trust: 2.43

sources: NVD: CVE-2018-12201 // JVNDB: JVNDB-2018-014798 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122137

AFFECTED PRODUCTS

vendor:intelmodel:silicon referencescope:eqversion: -

Trust: 1.0

vendor:intelmodel:platform samplescope:eqversion: -

Trust: 1.0

vendor:intelmodel:platform samplescope: - version: -

Trust: 0.8

vendor:intelmodel:silicon referencescope: - version: -

Trust: 0.8

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2018-014798 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12201

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12201
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12201
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-534
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122137
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-12201
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122137
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12201
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122137 // JVNDB: JVNDB-2018-014798 // CNNVD: CNNVD-201903-534 // NVD: CVE-2018-12201

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-122137 // JVNDB: JVNDB-2018-014798 // NVD: CVE-2018-12201

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-534

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-534

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014798

PATCH
title:INTEL-SA-00191url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
title:Multiple Intel Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90123
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014798 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-534

EXTERNAL IDS
db:NVDid:CVE-2018-12201
Trust: 2.5
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2018-014798
Trust: 0.8
db:CNNVDid:CNNVD-201903-534
Trust: 0.7
db:LENOVOid:LEN-25085
Trust: 0.6
db:VULHUBid:VHN-122137
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122137 // 
            
            
            
            JVNDB: JVNDB-2018-014798 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-534 // 
            
            
            
            NVD: CVE-2018-12201

REFERENCES
url:https://security.netapp.com/advisory/ntap-20190318-0002/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 1.7
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03912en_us
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-12201
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12201
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
url:https://support.lenovo.com/us/en/solutions/len-25085
Trust: 0.6
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03912en_us
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122137 // 
            
            
            
            JVNDB: JVNDB-2018-014798 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-534 // 
            
            
            
            NVD: CVE-2018-12201

SOURCES
db:VULHUBid:VHN-122137
db:JVNDBid:JVNDB-2018-014798
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-534
db:NVDid:CVE-2018-12201

LAST UPDATE DATE
2024-11-23T21:06:28.173000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122137date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-014798date:2019-04-11T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-534date:2019-08-29T00:00:00
db:NVDid:CVE-2018-12201date:2024-11-21T03:44:44.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-122137date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2018-014798date:2019-04-11T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-534date:2019-03-14T00:00:00
db:NVDid:CVE-2018-12201date:2019-03-14T20:29:00.663