var-201903-0992
Vulnerability from variot
Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access. Platform Sample and Silicon Reference Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Both Intel 8th Generation Intel Core Processor and Intel 7th Generation Intel Core Processor are products of Intel Corporation of the United States. Intel 8th Generation Intel Core Processor is an eighth generation Core series central processing unit (CPU). Intel 7th Generation Intel Core Processor is a seventh generation Core series central processing unit (CPU). This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0992",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "silicon reference",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "platform sample",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "platform sample",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "silicon reference",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "accelerated storage manager",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "active management technology",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "csme",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "matrix storage manager",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server platform services",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "sgx sdk",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "trusted execution engine",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "usb 3.0 creator utility",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "intel",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "graphics driver",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "for windows"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014776"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "NVD",
"id": "CVE-2018-12205"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:intel:platform_sample_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:silicon_reference_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014776"
}
]
},
"cve": "CVE-2018-12205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "[email protected]",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-12205",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-122141",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "[email protected]",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-12205",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "[email protected]",
"id": "CVE-2018-12205",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-12205",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-543",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-122141",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122141"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014776"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-543"
},
{
"db": "NVD",
"id": "CVE-2018-12205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access. Platform Sample and Silicon Reference Firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Both Intel 8th Generation Intel Core Processor and Intel 7th Generation Intel Core Processor are products of Intel Corporation of the United States. Intel 8th Generation Intel Core Processor is an eighth generation Core series central processing unit (CPU). Intel 7th Generation Intel Core Processor is a seventh generation Core series central processing unit (CPU). This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12205"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014776"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "VULHUB",
"id": "VHN-122141"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12205",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU98344681",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014776",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-543",
"trust": 0.7
},
{
"db": "LENOVO",
"id": "LEN-25085",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-18569",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-122141",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122141"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014776"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-543"
},
{
"db": "NVD",
"id": "CVE-2018-12205"
}
]
},
"id": "VAR-201903-0992",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122141"
}
],
"trust": 0.8439696099999999
},
"last_update_date": "2024-11-23T20:42:47.703000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00191",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
},
{
"title": "INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html"
},
{
"title": "INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html"
},
{
"title": "INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html"
},
{
"title": "INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html"
},
{
"title": "INTEL-SA-00216 - Intel Matrix Storage Manager Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html"
},
{
"title": "INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html"
},
{
"title": "INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisory",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html"
},
{
"title": "Intel Core Processor Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90132"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014776"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-543"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122141"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014776"
},
{
"db": "NVD",
"id": "CVE-2018-12205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190318-0002/"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html"
},
{
"trust": 1.6,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03912en_us"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12205"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12205"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98344681/"
},
{
"trust": 0.8,
"url": "https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98344681"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/solutions/len-25085"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03912en_us"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122141"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014776"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-543"
},
{
"db": "NVD",
"id": "CVE-2018-12205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122141"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014776"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-543"
},
{
"db": "NVD",
"id": "CVE-2018-12205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-122141"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014776"
},
{
"date": "2019-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"date": "2019-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-543"
},
{
"date": "2019-03-14T20:29:00.817000",
"db": "NVD",
"id": "CVE-2018-12205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-122141"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014776"
},
{
"date": "2019-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001582"
},
{
"date": "2019-11-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-543"
},
{
"date": "2024-11-21T03:44:45.033000",
"db": "NVD",
"id": "CVE-2018-12205"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Platform Sample and Silicon Reference Firmware vulnerabilities related to authorization, authority, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014776"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-543"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.