Sign-up

ID

VAR-201903-0991


CVE

CVE-2018-12204


TITLE

Platform Sample and Silicon Reference Firmware vulnerabilities related to authorization, authority, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-014775

DESCRIPTION

Improper memory initialization in Platform Sample/Silicon Reference firmware Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially enable an escalation of privilege via local access. Platform Sample and Silicon Reference Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Intel Server Board, etc. are all products of Intel Corporation of the United States. Intel Server Board is a server motherboard. Intel Server System is a server array card. Intel Compute Module is a computing module. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 2.43

sources: NVD: CVE-2018-12204 // JVNDB: JVNDB-2018-014775 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122140

AFFECTED PRODUCTS

vendor:intelmodel:silicon referencescope:eqversion: -

Trust: 1.0

vendor:intelmodel:platform samplescope:eqversion: -

Trust: 1.0

vendor:intelmodel:platform samplescope: - version: -

Trust: 0.8

vendor:intelmodel:silicon referencescope: - version: -

Trust: 0.8

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2018-014775 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12204

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12204
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12204
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-542
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122140
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-12204
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122140
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12204
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122140 // JVNDB: JVNDB-2018-014775 // CNNVD: CNNVD-201903-542 // NVD: CVE-2018-12204

PROBLEMTYPE DATA

problemtype:CWE-665

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-122140 // JVNDB: JVNDB-2018-014775 // NVD: CVE-2018-12204

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-542

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201903-542

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014775

PATCH
title:INTEL-SA-00191url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
title:Intel Server Board , Intel Server System  and Intel Compute Module Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90131
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014775 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-542

EXTERNAL IDS
db:NVDid:CVE-2018-12204
Trust: 2.5
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2018-014775
Trust: 0.8
db:CNNVDid:CNNVD-201903-542
Trust: 0.7
db:AUSCERTid:ESB-2019.1669
Trust: 0.6
db:LENOVOid:LEN-25085
Trust: 0.6
db:CNVDid:CNVD-2020-18594
Trust: 0.1
db:VULHUBid:VHN-122140
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122140 // 
            
            
            
            JVNDB: JVNDB-2018-014775 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-542 // 
            
            
            
            NVD: CVE-2018-12204

REFERENCES
url:https://security.netapp.com/advisory/ntap-20190318-0002/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 1.7
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03912en_us
Trust: 1.6
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03929en_us
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-12204
Trust: 1.4
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03978en_us
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12204
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
url:https://support.hpe.com/hpsc/doc/public/display
Trust: 0.6
url:https://support.lenovo.com/us/en/solutions/len-25085
Trust: 0.6
url:https://www.auscert.org.au/bulletins/80722
Trust: 0.6
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03912en_us
Trust: 0.1
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03929en_us
Trust: 0.1
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03978en_us
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122140 // 
            
            
            
            JVNDB: JVNDB-2018-014775 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-542 // 
            
            
            
            NVD: CVE-2018-12204

SOURCES
db:VULHUBid:VHN-122140
db:JVNDBid:JVNDB-2018-014775
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-542
db:NVDid:CVE-2018-12204

LAST UPDATE DATE
2024-11-23T21:27:57.210000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122140date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-014775date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-542date:2019-10-08T00:00:00
db:NVDid:CVE-2018-12204date:2024-11-21T03:44:44.900

SOURCES RELEASE DATE
db:VULHUBid:VHN-122140date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2018-014775date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-542date:2019-03-14T00:00:00
db:NVDid:CVE-2018-12204date:2019-03-14T20:29:00.770