Sign-up

ID

VAR-201804-1678


CVE

CVE-2018-3689


TITLE

Intel Software Guard Extensions Platform Software Component Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004286

DESCRIPTION

AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM. AESM daemon is one of the AESM daemons. A local attacker could exploit this vulnerability to cause a denial of service

Trust: 1.71

sources: NVD: CVE-2018-3689 // JVNDB: JVNDB-2018-004286 // VULHUB: VHN-133720

AFFECTED PRODUCTS

vendor:intelmodel:software guard extensionsscope:eqversion: -

Trust: 1.0

vendor:intelmodel:software guard extensions platform software componentscope:ltversion:2.1.102 (linux)

Trust: 0.8

vendor:intelmodel:software guard extensions platformscope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2018-004286 // CNNVD: CNNVD-201804-132 // NVD: CVE-2018-3689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3689
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3689
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-132
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133720
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-3689
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133720
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3689
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-3689
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-133720 // JVNDB: JVNDB-2018-004286 // CNNVD: CNNVD-201804-132 // NVD: CVE-2018-3689

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-133720 // JVNDB: JVNDB-2018-004286 // NVD: CVE-2018-3689

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201804-132

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201804-132

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004286

PATCH
title:Intel Software Guard Extensions SDKurl:https://software.intel.com/en-us/documentation/sgx-sdk-installation/SGX-platform-software
Trust: 0.8
title:Intel Software Guard Extensions Platform Software Component for Linux AESM The daemon enters a fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82984
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-004286 // 
            
            
            
            CNNVD: CNNVD-201804-132

EXTERNAL IDS
db:NVDid:CVE-2018-3689
Trust: 2.5
db:JVNDBid:JVNDB-2018-004286
Trust: 0.8
db:CNNVDid:CNNVD-201804-132
Trust: 0.7
db:VULHUBid:VHN-133720
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133720 // 
            
            
            
            JVNDB: JVNDB-2018-004286 // 
            
            
            
            CNNVD: CNNVD-201804-132 // 
            
            
            
            NVD: CVE-2018-3689

REFERENCES
url:https://cdrdv2.intel.com/v1/dl/getcontent/685355
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3689
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3689
Trust: 0.8
url:https://01.org/security/advisories/intel-oss-10004
Trust: 0.8
sources:
            
            
            VULHUB: VHN-133720 // 
            
            
            
            JVNDB: JVNDB-2018-004286 // 
            
            
            
            CNNVD: CNNVD-201804-132 // 
            
            
            
            NVD: CVE-2018-3689

SOURCES
db:VULHUBid:VHN-133720
db:JVNDBid:JVNDB-2018-004286
db:CNNVDid:CNNVD-201804-132
db:NVDid:CVE-2018-3689

LAST UPDATE DATE
2024-11-23T22:52:05.850000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133720date:2021-11-23T00:00:00
db:JVNDBid:JVNDB-2018-004286date:2018-06-15T00:00:00
db:CNNVDid:CNNVD-201804-132date:2021-11-24T00:00:00
db:NVDid:CVE-2018-3689date:2024-11-21T04:05:53.730

SOURCES RELEASE DATE
db:VULHUBid:VHN-133720date:2018-04-03T00:00:00
db:JVNDBid:JVNDB-2018-004286date:2018-06-15T00:00:00
db:CNNVDid:CNNVD-201804-132date:2018-04-03T00:00:00
db:NVDid:CVE-2018-3689date:2018-04-03T16:29:00.360