Sign-up

ID

VAR-201809-0102


CVE

CVE-2018-12160


TITLE

Intel Data Center Migration Center Software Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010880

DESCRIPTION

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access. software installer is its installer

Trust: 1.71

sources: NVD: CVE-2018-12160 // JVNDB: JVNDB-2018-010880 // VULHUB: VHN-122092

AFFECTED PRODUCTS

vendor:intelmodel:data migration softwarescope:lteversion:3.1

Trust: 1.8

vendor:intelmodel:data migration softwarescope:eqversion:3.1

Trust: 0.6

sources: JVNDB: JVNDB-2018-010880 // CNNVD: CNNVD-201809-615 // NVD: CVE-2018-12160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12160
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12160
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-615
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122092
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-12160
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122092
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12160
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122092 // JVNDB: JVNDB-2018-010880 // CNNVD: CNNVD-201809-615 // NVD: CVE-2018-12160

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.1

problemtype:CWE-427

Trust: 1.1

problemtype:CWE-74

Trust: 0.9

sources: VULHUB: VHN-122092 // JVNDB: JVNDB-2018-010880 // NVD: CVE-2018-12160

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-615

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201809-615

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010880

PATCH
title:INTEL-SA-00170url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html
Trust: 0.8
title:Intel Data Center Migration Center Software software installer Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84874
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-010880 // 
            
            
            
            CNNVD: CNNVD-201809-615

EXTERNAL IDS
db:NVDid:CVE-2018-12160
Trust: 2.5
db:JVNDBid:JVNDB-2018-010880
Trust: 0.8
db:CNNVDid:CNNVD-201809-615
Trust: 0.7
db:VULHUBid:VHN-122092
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122092 // 
            
            
            
            JVNDB: JVNDB-2018-010880 // 
            
            
            
            CNNVD: CNNVD-201809-615 // 
            
            
            
            NVD: CVE-2018-12160

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12160
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-12160
Trust: 0.8
sources:
            
            
            VULHUB: VHN-122092 // 
            
            
            
            JVNDB: JVNDB-2018-010880 // 
            
            
            
            CNNVD: CNNVD-201809-615 // 
            
            
            
            NVD: CVE-2018-12160

SOURCES
db:VULHUBid:VHN-122092
db:JVNDBid:JVNDB-2018-010880
db:CNNVDid:CNNVD-201809-615
db:NVDid:CVE-2018-12160

LAST UPDATE DATE
2024-11-23T22:00:19.225000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122092date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-010880date:2018-12-27T00:00:00
db:CNNVDid:CNNVD-201809-615date:2020-10-22T00:00:00
db:NVDid:CVE-2018-12160date:2024-11-21T03:44:40.620

SOURCES RELEASE DATE
db:VULHUBid:VHN-122092date:2018-09-12T00:00:00
db:JVNDBid:JVNDB-2018-010880date:2018-12-27T00:00:00
db:CNNVDid:CNNVD-201809-615date:2018-09-13T00:00:00
db:NVDid:CVE-2018-12160date:2018-09-12T19:29:01.323