Details of VAR-201903-0990

ID

VAR-201903-0990

CVE

CVE-2018-12203

TITLE

Platform Sample and Silicon Reference Firmware vulnerabilities related to authorization, authority, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-014774

DESCRIPTION

Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow privileged user to potentially execute arbitrary code via local access. Platform Sample and Silicon Reference Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. A local attacker could exploit this vulnerability to execute arbitrary code

Trust: 2.43

sources: NVD: CVE-2018-12203 // JVNDB: JVNDB-2018-014774 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122139

AFFECTED PRODUCTS

vendor:	intel	model:	silicon reference	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	platform sample	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	platform sample	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	silicon reference	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	accelerated storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	csme	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	matrix storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	sgx sdk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	trusted execution engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	usb 3.0 creator utility	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	eq	version:	for windows	Trust: 0.8

sources: JVNDB: JVNDB-2018-014774 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-12203
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-12203
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201903-540
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-122139
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-12203
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-122139
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-12203
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-122139 // JVNDB: JVNDB-2018-014774 // CNNVD: CNNVD-201903-540 // NVD: CVE-2018-12203

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-122139 // JVNDB: JVNDB-2018-014774 // NVD: CVE-2018-12203

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-540

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201903-540

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014774

PATCH

title:	INTEL-SA-00191	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html	Trust: 0.8
title:	INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html	Trust: 0.8
title:	INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html	Trust: 0.8
title:	INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html	Trust: 0.8
title:	INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html	Trust: 0.8
title:	INTEL-SA-00216 - Intel Matrix Storage Manager Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html	Trust: 0.8
title:	INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html	Trust: 0.8
title:	INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html	Trust: 0.8
title:	Intel Core Processor Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90129	Trust: 0.6

sources: JVNDB: JVNDB-2018-014774 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-540

EXTERNAL IDS

db:	NVD	id:	CVE-2018-12203	Trust: 2.5
db:	JVN	id:	JVNVU98344681	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-001582	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-014774	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-540	Trust: 0.7
db:	LENOVO	id:	LEN-25085	Trust: 0.6
db:	CNVD	id:	CNVD-2020-18568	Trust: 0.1
db:	VULHUB	id:	VHN-122139	Trust: 0.1

sources: VULHUB: VHN-122139 // JVNDB: JVNDB-2018-014774 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-540 // NVD: CVE-2018-12203

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20190318-0002/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html	Trust: 1.7
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03912en_us	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12203	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12203	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681/	Trust: 0.8
url:	https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681	Trust: 0.8
url:	https://support.lenovo.com/us/en/solutions/len-25085	Trust: 0.6
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03912en_us	Trust: 0.1

sources: VULHUB: VHN-122139 // JVNDB: JVNDB-2018-014774 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-540 // NVD: CVE-2018-12203

SOURCES

db:	VULHUB	id:	VHN-122139
db:	JVNDB	id:	JVNDB-2018-014774
db:	JVNDB	id:	JVNDB-2019-001582
db:	CNNVD	id:	CNNVD-201903-540
db:	NVD	id:	CVE-2018-12203

LAST UPDATE DATE

2024-11-23T21:11:48.556000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-122139	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-014774	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-540	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-12203	date:	2024-11-21T03:44:44.773

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-122139	date:	2019-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-014774	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-540	date:	2019-03-14T00:00:00
db:	NVD	id:	CVE-2018-12203	date:	2019-03-14T20:29:00.740