var-201903-0989
Vulnerability from variot
Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access. Platform Sample and Silicon Reference Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. A local attacker could exploit this vulnerability to elevate privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0989",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "silicon reference",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "platform sample",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "platform sample",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "silicon reference",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "accelerated storage manager",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "active management technology",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "csme",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "matrix storage manager",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server platform services",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "sgx sdk",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "trusted execution engine",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "usb 3.0 creator utility",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "intel",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "graphics driver",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "for windows"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "NVD",
"id": "CVE-2018-12202"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:intel:platform_sample_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:silicon_reference_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014799"
}
]
},
"cve": "CVE-2018-12202",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "[email protected]",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-12202",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-122138",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "[email protected]",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2018-12202",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "[email protected]",
"id": "CVE-2018-12202",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-12202",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-538",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-122138",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014799"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-538"
},
{
"db": "NVD",
"id": "CVE-2018-12202"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access. Platform Sample and Silicon Reference Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. A local attacker could exploit this vulnerability to elevate privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12202"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "VULHUB",
"id": "VHN-122138"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12202",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU98344681",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014799",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-538",
"trust": 0.7
},
{
"db": "LENOVO",
"id": "LEN-25085",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-18567",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-122138",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-538"
},
{
"db": "NVD",
"id": "CVE-2018-12202"
}
]
},
"id": "VAR-201903-0989",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122138"
}
],
"trust": 0.8439696099999999
},
"last_update_date": "2024-11-23T20:45:04.675000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00191",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
},
{
"title": "INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html"
},
{
"title": "INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html"
},
{
"title": "INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html"
},
{
"title": "INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html"
},
{
"title": "INTEL-SA-00216 - Intel Matrix Storage Manager Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html"
},
{
"title": "INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html"
},
{
"title": "INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html"
},
{
"title": "Intel Core Processor Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90127"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-538"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014799"
},
{
"db": "NVD",
"id": "CVE-2018-12202"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190318-0002/"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html"
},
{
"trust": 1.6,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03912en_us"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12202"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12202"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98344681/"
},
{
"trust": 0.8,
"url": "https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98344681"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/solutions/len-25085"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03912en_us"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-538"
},
{
"db": "NVD",
"id": "CVE-2018-12202"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122138"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-538"
},
{
"db": "NVD",
"id": "CVE-2018-12202"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-122138"
},
{
"date": "2019-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014799"
},
{
"date": "2019-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"date": "2019-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-538"
},
{
"date": "2019-03-14T20:29:00.693000",
"db": "NVD",
"id": "CVE-2018-12202"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-122138"
},
{
"date": "2019-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014799"
},
{
"date": "2019-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-538"
},
{
"date": "2024-11-21T03:44:44.630000",
"db": "NVD",
"id": "CVE-2018-12202"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-538"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Platform Sample and Silicon Reference Firmware vulnerabilities related to authorization, authority, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014799"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-538"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…