Sign-up

ID

VAR-201804-1302


CVE

CVE-2018-3624


TITLE

plural Intel Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003908

DESCRIPTION

Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network. plural Intel The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Intel 2G Modem Products are prone to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected device. Failed exploits may result in denial-of-service conditions. The following 2G Modem Products are vulnerable: Intel XMM71xx Intel XMM72xx Intel XMM73xx Intel XMM74xx Sofia 3G Sofia 3G-R Sofia 3G-R W. Intel XMM71xx and so on are different types of baseband (communication module) products of Intel Corporation of the United States. ETWS processing module is one of the ETWS processing modules. Buffer overflow vulnerabilities exist in the ETWS processing modules of several Intel products

Trust: 1.98

sources: NVD: CVE-2018-3624 // JVNDB: JVNDB-2018-003908 // BID: 103968 // VULHUB: VHN-133655

AFFECTED PRODUCTS

vendor:intelmodel:2g modemscope:eqversion: -

Trust: 1.6

vendor:intelmodel:2g modemscope: - version: -

Trust: 0.8

vendor:intelmodel:xmm74xxscope:eqversion:0

Trust: 0.3

vendor:intelmodel:xmm73xxscope:eqversion:0

Trust: 0.3

vendor:intelmodel:xmm72xxscope:eqversion:0

Trust: 0.3

vendor:intelmodel:xmm71xxscope:eqversion:0

Trust: 0.3

vendor:intelmodel:sofia 3g-r wscope:eqversion:0

Trust: 0.3

vendor:intelmodel:sofia 3g-rscope:eqversion:0

Trust: 0.3

vendor:intelmodel:sofia 3gscope:eqversion:0

Trust: 0.3

sources: BID: 103968 // JVNDB: JVNDB-2018-003908 // CNNVD: CNNVD-201804-268 // NVD: CVE-2018-3624

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3624
value: HIGH

Trust: 1.0

NVD: CVE-2018-3624
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-268
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133655
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3624
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133655
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3624
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133655 // JVNDB: JVNDB-2018-003908 // CNNVD: CNNVD-201804-268 // NVD: CVE-2018-3624

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-133655 // JVNDB: JVNDB-2018-003908 // NVD: CVE-2018-3624

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201804-268

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201804-268

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003908

PATCH
title:INTEL-SA-00116url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00116.html
Trust: 0.8
title:Multiple Intel Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83101
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-003908 // 
            
            
            
            CNNVD: CNNVD-201804-268

EXTERNAL IDS
db:NVDid:CVE-2018-3624
Trust: 2.8
db:ICS CERTid:ICSA-18-114-02
Trust: 2.2
db:BIDid:103968
Trust: 1.4
db:JVNDBid:JVNDB-2018-003908
Trust: 0.8
db:CNNVDid:CNNVD-201804-268
Trust: 0.6
db:SEEBUGid:SSVID-98970
Trust: 0.1
db:VULHUBid:VHN-133655
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133655 // 
            
            
            
            BID: 103968 // 
            
            
            
            JVNDB: JVNDB-2018-003908 // 
            
            
            
            CNNVD: CNNVD-201804-268 // 
            
            
            
            NVD: CVE-2018-3624

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-114-02
Trust: 2.2
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00116&languageid=en-fr
Trust: 1.9
url:http://www.securityfocus.com/bid/103968
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3624
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3624
Trust: 0.8
url:http://www.intel.com/content/www/us/en/homepage.html
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00116&languageid=en-fr
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133655 // 
            
            
            
            BID: 103968 // 
            
            
            
            JVNDB: JVNDB-2018-003908 // 
            
            
            
            CNNVD: CNNVD-201804-268 // 
            
            
            
            NVD: CVE-2018-3624

CREDITS
Dr. Ralph Phillip Weinmann and Dr. Nico Golde from Comsecuris
Trust: 0.3
sources:
            
            
            BID: 103968

SOURCES
db:VULHUBid:VHN-133655
db:BIDid:103968
db:JVNDBid:JVNDB-2018-003908
db:CNNVDid:CNNVD-201804-268
db:NVDid:CVE-2018-3624

LAST UPDATE DATE
2024-11-23T22:48:43.890000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133655date:2018-05-10T00:00:00
db:BIDid:103968date:2018-04-24T00:00:00
db:JVNDBid:JVNDB-2018-003908date:2018-06-06T00:00:00
db:CNNVDid:CNNVD-201804-268date:2018-06-25T00:00:00
db:NVDid:CVE-2018-3624date:2024-11-21T04:05:47.407

SOURCES RELEASE DATE
db:VULHUBid:VHN-133655date:2018-04-05T00:00:00
db:BIDid:103968date:2018-04-24T00:00:00
db:JVNDBid:JVNDB-2018-003908date:2018-06-06T00:00:00
db:CNNVDid:CNNVD-201804-268date:2018-04-05T00:00:00
db:NVDid:CVE-2018-3624date:2018-04-05T16:29:00.393