Details of VAR-201903-0989

ID

VAR-201903-0989

CVE

CVE-2018-12202

TITLE

Platform Sample and Silicon Reference Firmware vulnerabilities related to authorization, authority, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-014799

DESCRIPTION

Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access. Platform Sample and Silicon Reference Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. A local attacker could exploit this vulnerability to elevate privileges

Trust: 2.43

sources: NVD: CVE-2018-12202 // JVNDB: JVNDB-2018-014799 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122138

AFFECTED PRODUCTS

vendor:	intel	model:	silicon reference	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	platform sample	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	platform sample	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	silicon reference	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	accelerated storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	csme	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	matrix storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	sgx sdk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	trusted execution engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	usb 3.0 creator utility	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	eq	version:	for windows	Trust: 0.8

sources: JVNDB: JVNDB-2018-014799 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12202

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-12202
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-12202
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201903-538
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-122138
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-12202
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-122138
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-12202
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-122138 // JVNDB: JVNDB-2018-014799 // CNNVD: CNNVD-201903-538 // NVD: CVE-2018-12202

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-122138 // JVNDB: JVNDB-2018-014799 // NVD: CVE-2018-12202

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-538

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201903-538

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014799

PATCH

title:	INTEL-SA-00191	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html	Trust: 0.8
title:	INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html	Trust: 0.8
title:	INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html	Trust: 0.8
title:	INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html	Trust: 0.8
title:	INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html	Trust: 0.8
title:	INTEL-SA-00216 - Intel Matrix Storage Manager Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html	Trust: 0.8
title:	INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html	Trust: 0.8
title:	INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html	Trust: 0.8
title:	Intel Core Processor Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90127	Trust: 0.6

sources: JVNDB: JVNDB-2018-014799 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-538

EXTERNAL IDS

db:	NVD	id:	CVE-2018-12202	Trust: 2.5
db:	JVN	id:	JVNVU98344681	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-001582	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-014799	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-538	Trust: 0.7
db:	LENOVO	id:	LEN-25085	Trust: 0.6
db:	CNVD	id:	CNVD-2020-18567	Trust: 0.1
db:	VULHUB	id:	VHN-122138	Trust: 0.1

sources: VULHUB: VHN-122138 // JVNDB: JVNDB-2018-014799 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-538 // NVD: CVE-2018-12202

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20190318-0002/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html	Trust: 1.7
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03912en_us	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12202	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12202	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681/	Trust: 0.8
url:	https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681	Trust: 0.8
url:	https://support.lenovo.com/us/en/solutions/len-25085	Trust: 0.6
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03912en_us	Trust: 0.1

sources: VULHUB: VHN-122138 // JVNDB: JVNDB-2018-014799 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-538 // NVD: CVE-2018-12202

SOURCES

db:	VULHUB	id:	VHN-122138
db:	JVNDB	id:	JVNDB-2018-014799
db:	JVNDB	id:	JVNDB-2019-001582
db:	CNNVD	id:	CNNVD-201903-538
db:	NVD	id:	CVE-2018-12202

LAST UPDATE DATE

2024-11-23T20:45:04.675000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-122138	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-014799	date:	2019-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-538	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-12202	date:	2024-11-21T03:44:44.630

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-122138	date:	2019-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-014799	date:	2019-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-538	date:	2019-03-14T00:00:00
db:	NVD	id:	CVE-2018-12202	date:	2019-03-14T20:29:00.693