Sign-up

ID

VAR-201804-1317


CVE

CVE-2018-3645


TITLE

Intel Remote Keyboard Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-004022

DESCRIPTION

Escalation of privilege in all versions of the Intel Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session. Intel Remote Keyboard Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The software supports mobile phone remote control computer

Trust: 1.8

sources: NVD: CVE-2018-3645 // JVNDB: JVNDB-2018-004022 // VULHUB: VHN-133676 // VULMON: CVE-2018-3645

AFFECTED PRODUCTS

vendor:intelmodel:remote keyboard mobile appscope:eqversion: -

Trust: 1.6

vendor:intelmodel:remote keyboard mobile appscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-004022 // CNNVD: CNNVD-201804-105 // NVD: CVE-2018-3645

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3645
value: HIGH

Trust: 1.0

NVD: CVE-2018-3645
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-105
value: HIGH

Trust: 0.6

VULHUB: VHN-133676
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-3645
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3645
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-133676
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3645
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133676 // VULMON: CVE-2018-3645 // JVNDB: JVNDB-2018-004022 // CNNVD: CNNVD-201804-105 // NVD: CVE-2018-3645

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-133676 // JVNDB: JVNDB-2018-004022 // NVD: CVE-2018-3645

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-105

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201804-105

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004022

PATCH
title:INTEL-SA-00122url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00122.html
Trust: 0.8
title:The Registerurl:https://www.theregister.co.uk/2018/04/06/rip_intel_remote_keyboard/
Trust: 0.2
title:ansible-everydayurl:https://github.com/kaosagnt/ansible-everyday 
Trust: 0.1
title:Threatposturl:https://threatpost.com/intel-tells-remote-keyboard-users-to-delete-app-after-critical-bug-found/130974/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-3645 // 
            
            
            
            JVNDB: JVNDB-2018-004022

EXTERNAL IDS
db:NVDid:CVE-2018-3645
Trust: 2.6
db:JVNDBid:JVNDB-2018-004022
Trust: 0.8
db:CNNVDid:CNNVD-201804-105
Trust: 0.7
db:VULHUBid:VHN-133676
Trust: 0.1
db:VULMONid:CVE-2018-3645
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133676 // 
            
            
            
            VULMON: CVE-2018-3645 // 
            
            
            
            JVNDB: JVNDB-2018-004022 // 
            
            
            
            CNNVD: CNNVD-201804-105 // 
            
            
            
            NVD: CVE-2018-3645

REFERENCES
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00122&languageid=en-fr
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3645
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3645
Trust: 0.8
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00122&languageid=en-fr
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/intel-tells-remote-keyboard-users-to-delete-app-after-critical-bug-found/130974/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133676 // 
            
            
            
            VULMON: CVE-2018-3645 // 
            
            
            
            JVNDB: JVNDB-2018-004022 // 
            
            
            
            CNNVD: CNNVD-201804-105 // 
            
            
            
            NVD: CVE-2018-3645

SOURCES
db:VULHUBid:VHN-133676
db:VULMONid:CVE-2018-3645
db:JVNDBid:JVNDB-2018-004022
db:CNNVDid:CNNVD-201804-105
db:NVDid:CVE-2018-3645

LAST UPDATE DATE
2024-11-23T23:12:12.430000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133676date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-3645date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-004022date:2018-06-08T00:00:00
db:CNNVDid:CNNVD-201804-105date:2019-10-23T00:00:00
db:NVDid:CVE-2018-3645date:2024-11-21T04:05:49.907

SOURCES RELEASE DATE
db:VULHUBid:VHN-133676date:2018-04-03T00:00:00
db:VULMONid:CVE-2018-3645date:2018-04-03T00:00:00
db:JVNDBid:JVNDB-2018-004022date:2018-06-08T00:00:00
db:CNNVDid:CNNVD-201804-105date:2018-04-03T00:00:00
db:NVDid:CVE-2018-3645date:2018-04-03T21:29:00.377