Sign-up

ID

VAR-201809-0096


CVE

CVE-2018-12150


TITLE

Intel Extreme Tuning Utility Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010005

DESCRIPTION

Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access. Intel Extreme Tuning Utility Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Extreme Tuning Utility is a Windows-based performance debugging tool developed by Intel Corporation. Installer is its installer. There is a security vulnerability in the Installer in versions earlier than 6.4.1.21 of Intel Extreme Tuning Utility

Trust: 1.71

sources: NVD: CVE-2018-12150 // JVNDB: JVNDB-2018-010005 // VULHUB: VHN-122081

AFFECTED PRODUCTS

vendor:intelmodel:extreme tuning utilityscope:ltversion:6.4.1.21

Trust: 1.8

sources: JVNDB: JVNDB-2018-010005 // NVD: CVE-2018-12150

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12150
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12150
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-617
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122081
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-12150
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122081
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12150
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122081 // JVNDB: JVNDB-2018-010005 // CNNVD: CNNVD-201809-617 // NVD: CVE-2018-12150

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-122081 // JVNDB: JVNDB-2018-010005 // NVD: CVE-2018-12150

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-617

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201809-617

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010005

PATCH
title:INTEL-SA-00162url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html
Trust: 0.8
title:Intel Extreme Tuning Utility Installer Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84876
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-010005 // 
            
            
            
            CNNVD: CNNVD-201809-617

EXTERNAL IDS
db:NVDid:CVE-2018-12150
Trust: 2.5
db:JVNDBid:JVNDB-2018-010005
Trust: 0.8
db:CNNVDid:CNNVD-201809-617
Trust: 0.7
db:VULHUBid:VHN-122081
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122081 // 
            
            
            
            JVNDB: JVNDB-2018-010005 // 
            
            
            
            CNNVD: CNNVD-201809-617 // 
            
            
            
            NVD: CVE-2018-12150

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12150
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-12150
Trust: 0.8
sources:
            
            
            VULHUB: VHN-122081 // 
            
            
            
            JVNDB: JVNDB-2018-010005 // 
            
            
            
            CNNVD: CNNVD-201809-617 // 
            
            
            
            NVD: CVE-2018-12150

SOURCES
db:VULHUBid:VHN-122081
db:JVNDBid:JVNDB-2018-010005
db:CNNVDid:CNNVD-201809-617
db:NVDid:CVE-2018-12150

LAST UPDATE DATE
2024-11-23T22:58:55.375000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122081date:2018-11-07T00:00:00
db:JVNDBid:JVNDB-2018-010005date:2018-12-04T00:00:00
db:CNNVDid:CNNVD-201809-617date:2018-09-13T00:00:00
db:NVDid:CVE-2018-12150date:2024-11-21T03:44:39.697

SOURCES RELEASE DATE
db:VULHUBid:VHN-122081date:2018-09-12T00:00:00
db:JVNDBid:JVNDB-2018-010005date:2018-12-04T00:00:00
db:CNNVDid:CNNVD-201809-617date:2018-09-13T00:00:00
db:NVDid:CVE-2018-12150date:2018-09-12T19:29:01.010