Sign-up

ID

VAR-201903-0992


CVE

CVE-2018-12205


TITLE

Platform Sample and Silicon Reference Firmware vulnerabilities related to authorization, authority, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-014776

DESCRIPTION

Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access. Platform Sample and Silicon Reference Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Both Intel 8th Generation Intel Core Processor and Intel 7th Generation Intel Core Processor are products of Intel Corporation of the United States. Intel 8th Generation Intel Core Processor is an eighth generation Core series central processing unit (CPU). Intel 7th Generation Intel Core Processor is a seventh generation Core series central processing unit (CPU). This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components

Trust: 2.43

sources: NVD: CVE-2018-12205 // JVNDB: JVNDB-2018-014776 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122141

AFFECTED PRODUCTS

vendor:intelmodel:silicon referencescope:eqversion: -

Trust: 1.0

vendor:intelmodel:platform samplescope:eqversion: -

Trust: 1.0

vendor:intelmodel:platform samplescope: - version: -

Trust: 0.8

vendor:intelmodel:silicon referencescope: - version: -

Trust: 0.8

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2018-014776 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12205
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12205
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-543
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122141
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-12205
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122141
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12205
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122141 // JVNDB: JVNDB-2018-014776 // CNNVD: CNNVD-201903-543 // NVD: CVE-2018-12205

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-122141 // JVNDB: JVNDB-2018-014776 // NVD: CVE-2018-12205

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201903-543

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014776

PATCH
title:INTEL-SA-00191url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
title:Intel Core Processor Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90132
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014776 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-543

EXTERNAL IDS
db:NVDid:CVE-2018-12205
Trust: 2.5
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2018-014776
Trust: 0.8
db:CNNVDid:CNNVD-201903-543
Trust: 0.7
db:LENOVOid:LEN-25085
Trust: 0.6
db:CNVDid:CNVD-2020-18569
Trust: 0.1
db:VULHUBid:VHN-122141
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122141 // 
            
            
            
            JVNDB: JVNDB-2018-014776 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-543 // 
            
            
            
            NVD: CVE-2018-12205

REFERENCES
url:https://security.netapp.com/advisory/ntap-20190318-0002/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 1.7
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03912en_us
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-12205
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12205
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
url:https://support.lenovo.com/us/en/solutions/len-25085
Trust: 0.6
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03912en_us
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122141 // 
            
            
            
            JVNDB: JVNDB-2018-014776 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-543 // 
            
            
            
            NVD: CVE-2018-12205

SOURCES
db:VULHUBid:VHN-122141
db:JVNDBid:JVNDB-2018-014776
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-543
db:NVDid:CVE-2018-12205

LAST UPDATE DATE
2024-11-23T20:42:47.703000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122141date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-014776date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-543date:2019-11-28T00:00:00
db:NVDid:CVE-2018-12205date:2024-11-21T03:44:45.033

SOURCES RELEASE DATE
db:VULHUBid:VHN-122141date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2018-014776date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-543date:2019-03-14T00:00:00
db:NVDid:CVE-2018-12205date:2019-03-14T20:29:00.817