Sign-up

ID

VAR-201808-0871


CVE

CVE-2018-3671


TITLE

Intel Saffron admin Vulnerabilities related to authorization, authority, and access control in applications

Trust: 0.8

sources: JVNDB: JVNDB-2018-008757

DESCRIPTION

Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information. An attacker could exploit this vulnerability to elevate privileges and gain access to unauthorized information

Trust: 1.71

sources: NVD: CVE-2018-3671 // JVNDB: JVNDB-2018-008757 // VULHUB: VHN-133702

AFFECTED PRODUCTS

vendor:intelmodel:saffron memorybasescope:ltversion:11.4

Trust: 1.8

sources: JVNDB: JVNDB-2018-008757 // NVD: CVE-2018-3671

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3671
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3671
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201808-028
value: MEDIUM

Trust: 0.6

VULHUB: VHN-133702
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-3671
severity: LOW
baseScore: 2.7
vectorString: AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133702
severity: LOW
baseScore: 2.7
vectorString: AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3671
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133702 // JVNDB: JVNDB-2018-008757 // CNNVD: CNNVD-201808-028 // NVD: CVE-2018-3671

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-133702 // JVNDB: JVNDB-2018-008757 // NVD: CVE-2018-3671

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201808-028

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201808-028

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008757

PATCH
title:INTEL-SA-00136url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html
Trust: 0.8
title:Intel Saffron admin application Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82774
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008757 // 
            
            
            
            CNNVD: CNNVD-201808-028

EXTERNAL IDS
db:NVDid:CVE-2018-3671
Trust: 2.5
db:JVNDBid:JVNDB-2018-008757
Trust: 0.8
db:CNNVDid:CNNVD-201808-028
Trust: 0.7
db:VULHUBid:VHN-133702
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133702 // 
            
            
            
            JVNDB: JVNDB-2018-008757 // 
            
            
            
            CNNVD: CNNVD-201808-028 // 
            
            
            
            NVD: CVE-2018-3671

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3671
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3671
Trust: 0.8
sources:
            
            
            VULHUB: VHN-133702 // 
            
            
            
            JVNDB: JVNDB-2018-008757 // 
            
            
            
            CNNVD: CNNVD-201808-028 // 
            
            
            
            NVD: CVE-2018-3671

SOURCES
db:VULHUBid:VHN-133702
db:JVNDBid:JVNDB-2018-008757
db:CNNVDid:CNNVD-201808-028
db:NVDid:CVE-2018-3671

LAST UPDATE DATE
2024-11-23T21:38:26.273000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133702date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-008757date:2018-10-29T00:00:00
db:CNNVDid:CNNVD-201808-028date:2019-10-23T00:00:00
db:NVDid:CVE-2018-3671date:2024-11-21T04:05:52.537

SOURCES RELEASE DATE
db:VULHUBid:VHN-133702date:2018-08-01T00:00:00
db:JVNDBid:JVNDB-2018-008757date:2018-10-29T00:00:00
db:CNNVDid:CNNVD-201808-028date:2018-08-02T00:00:00
db:NVDid:CVE-2018-3671date:2018-08-01T15:29:00.610