Sign-up

ID

VAR-201805-0962


CVE

CVE-2018-3634


TITLE

Intel Online Connect Access Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005175

DESCRIPTION

Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access. A local attacker can exploit this issue to crash the operating system, denying service to legitimate users. This program is used to protect identity information, login information, etc. NDIS filter driver is one of the NDIS (Network Driver Interface Specification, Network Driver Interface Specification) filter drivers

Trust: 1.98

sources: NVD: CVE-2018-3634 // JVNDB: JVNDB-2018-005175 // BID: 104250 // VULHUB: VHN-133665

AFFECTED PRODUCTS

vendor:intelmodel:online connect accessscope:eqversion:1.9.22.0

Trust: 1.7

vendor:intelmodel:online connect accessscope:lteversion:1.9.22.0

Trust: 1.0

sources: BID: 104250 // JVNDB: JVNDB-2018-005175 // CNNVD: CNNVD-201805-462 // NVD: CVE-2018-3634

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3634
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3634
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-462
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133665
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3634
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133665
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3634
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-3634
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-133665 // JVNDB: JVNDB-2018-005175 // CNNVD: CNNVD-201805-462 // NVD: CVE-2018-3634

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-133665 // JVNDB: JVNDB-2018-005175 // NVD: CVE-2018-3634

THREAT TYPE

local

Trust: 0.9

sources: BID: 104250 // CNNVD: CNNVD-201805-462

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 104250 // CNNVD: CNNVD-201805-462

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005175

PATCH
title:INTEL-SA-00121url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00121.html
Trust: 0.8
title:Intel Online Connect Access NDIS filter Driver security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80067
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-005175 // 
            
            
            
            CNNVD: CNNVD-201805-462

EXTERNAL IDS
db:NVDid:CVE-2018-3634
Trust: 2.8
db:BIDid:104250
Trust: 2.0
db:JVNDBid:JVNDB-2018-005175
Trust: 0.8
db:CNNVDid:CNNVD-201805-462
Trust: 0.7
db:MCAFEEid:SB10295
Trust: 0.6
db:VULHUBid:VHN-133665
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133665 // 
            
            
            
            BID: 104250 // 
            
            
            
            JVNDB: JVNDB-2018-005175 // 
            
            
            
            CNNVD: CNNVD-201805-462 // 
            
            
            
            NVD: CVE-2018-3634

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00121.html
Trust: 2.0
url:http://www.securityfocus.com/bid/104250
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3634
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3634
Trust: 0.8
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10295
Trust: 0.6
url:http://www.intel.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-133665 // 
            
            
            
            BID: 104250 // 
            
            
            
            JVNDB: JVNDB-2018-005175 // 
            
            
            
            CNNVD: CNNVD-201805-462 // 
            
            
            
            NVD: CVE-2018-3634

CREDITS
Vadim Smirnov
Trust: 0.3
sources:
            
            
            BID: 104250

SOURCES
db:VULHUBid:VHN-133665
db:BIDid:104250
db:JVNDBid:JVNDB-2018-005175
db:CNNVDid:CNNVD-201805-462
db:NVDid:CVE-2018-3634

LAST UPDATE DATE
2024-11-23T22:06:06.978000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133665date:2023-02-28T00:00:00
db:BIDid:104250date:2018-05-14T00:00:00
db:JVNDBid:JVNDB-2018-005175date:2018-07-09T00:00:00
db:CNNVDid:CNNVD-201805-462date:2019-08-23T00:00:00
db:NVDid:CVE-2018-3634date:2024-11-21T04:05:48.483

SOURCES RELEASE DATE
db:VULHUBid:VHN-133665date:2018-05-15T00:00:00
db:BIDid:104250date:2018-05-14T00:00:00
db:JVNDBid:JVNDB-2018-005175date:2018-07-09T00:00:00
db:CNNVDid:CNNVD-201805-462date:2018-05-16T00:00:00
db:NVDid:CVE-2018-3634date:2018-05-15T14:29:00.297