Sign-up

ID

VAR-201808-0927


CVE

CVE-2018-3662


TITLE

Intel Saffron MemoryBase Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-008751

DESCRIPTION

Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root. Intel Saffron MemoryBase Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Saffron MemoryBase is a memory base kit for Saffron developed by Intel Corporation. A security vulnerability exists in Intel Saffron MemoryBase prior to 11.4

Trust: 1.71

sources: NVD: CVE-2018-3662 // JVNDB: JVNDB-2018-008751 // VULHUB: VHN-133693

AFFECTED PRODUCTS

vendor:intelmodel:saffron memorybasescope:ltversion:11.4

Trust: 1.8

sources: JVNDB: JVNDB-2018-008751 // NVD: CVE-2018-3662

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3662
value: HIGH

Trust: 1.0

NVD: CVE-2018-3662
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201808-032
value: HIGH

Trust: 0.6

VULHUB: VHN-133693
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-3662
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133693
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3662
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133693 // JVNDB: JVNDB-2018-008751 // CNNVD: CNNVD-201808-032 // NVD: CVE-2018-3662

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-133693 // JVNDB: JVNDB-2018-008751 // NVD: CVE-2018-3662

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201808-032

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201808-032

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008751

PATCH
title:INTEL-SA-00136url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html
Trust: 0.8
title:Intel Saffron MemoryBase Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82778
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008751 // 
            
            
            
            CNNVD: CNNVD-201808-032

EXTERNAL IDS
db:NVDid:CVE-2018-3662
Trust: 2.5
db:JVNDBid:JVNDB-2018-008751
Trust: 0.8
db:CNNVDid:CNNVD-201808-032
Trust: 0.7
db:VULHUBid:VHN-133693
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133693 // 
            
            
            
            JVNDB: JVNDB-2018-008751 // 
            
            
            
            CNNVD: CNNVD-201808-032 // 
            
            
            
            NVD: CVE-2018-3662

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3662
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3662
Trust: 0.8
sources:
            
            
            VULHUB: VHN-133693 // 
            
            
            
            JVNDB: JVNDB-2018-008751 // 
            
            
            
            CNNVD: CNNVD-201808-032 // 
            
            
            
            NVD: CVE-2018-3662

SOURCES
db:VULHUBid:VHN-133693
db:JVNDBid:JVNDB-2018-008751
db:CNNVDid:CNNVD-201808-032
db:NVDid:CVE-2018-3662

LAST UPDATE DATE
2024-11-23T22:17:19.569000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133693date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-008751date:2018-10-26T00:00:00
db:CNNVDid:CNNVD-201808-032date:2019-10-23T00:00:00
db:NVDid:CVE-2018-3662date:2024-11-21T04:05:51.433

SOURCES RELEASE DATE
db:VULHUBid:VHN-133693date:2018-08-01T00:00:00
db:JVNDBid:JVNDB-2018-008751date:2018-10-26T00:00:00
db:CNNVDid:CNNVD-201808-032date:2018-08-02T00:00:00
db:NVDid:CVE-2018-3662date:2018-08-01T15:29:00.423