Details of VAR-201809-0104

ID

VAR-201809-0104

CVE

CVE-2018-12163

TITLE

Intel IoT Developers Kit Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-009269

DESCRIPTION

A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access. Intel IoT Developers Kit is an IoT development kit from Intel Corporation of the United States. installer is its installer. A local attacker could use this vulnerability to elevate privileges

Trust: 2.79

sources: NVD: CVE-2018-12163 // JVNDB: JVNDB-2018-009269 // CNVD: CNVD-2018-18898 // CNNVD: CNNVD-201809-613 // VULHUB: VHN-122095

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-18898

AFFECTED PRODUCTS

vendor:	intel	model:	iot developers kit	scope:	eq	version:	4.0	Trust: 2.4
vendor:	intel	model:	iot developers kit	scope:	lte	version:	<=4.0	Trust: 0.6

sources: CNVD: CNVD-2018-18898 // JVNDB: JVNDB-2018-009269 // CNNVD: CNNVD-201809-613 // NVD: CVE-2018-12163

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-12163
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-12163
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-18898
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201809-613
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-122095
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-12163
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-18898
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-122095
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-12163
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.3
impactScore:	3.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-18898 // VULHUB: VHN-122095 // JVNDB: JVNDB-2018-009269 // CNNVD: CNNVD-201809-613 // NVD: CVE-2018-12163

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-122095 // JVNDB: JVNDB-2018-009269 // NVD: CVE-2018-12163

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-613

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201809-613

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009269

PATCH

title:	INTEL-SA-00173	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00173.html	Trust: 0.8
title:	Patch for Intel IoT Developers Kit installer DLL injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/140321	Trust: 0.6
title:	Intel IoT Developers Kit installer Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84872	Trust: 0.6

sources: CNVD: CNVD-2018-18898 // JVNDB: JVNDB-2018-009269 // CNNVD: CNNVD-201809-613

EXTERNAL IDS

db:	NVD	id:	CVE-2018-12163	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-009269	Trust: 0.8
db:	CNVD	id:	CNVD-2018-18898	Trust: 0.6
db:	CNNVD	id:	CNNVD-201809-613	Trust: 0.6
db:	VULHUB	id:	VHN-122095	Trust: 0.1

sources: CNVD: CNVD-2018-18898 // VULHUB: VHN-122095 // JVNDB: JVNDB-2018-009269 // CNNVD: CNNVD-201809-613 // NVD: CVE-2018-12163

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00173.html	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12163	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12163	Trust: 0.8

sources: CNVD: CNVD-2018-18898 // VULHUB: VHN-122095 // JVNDB: JVNDB-2018-009269 // CNNVD: CNNVD-201809-613 // NVD: CVE-2018-12163

SOURCES

db:	CNVD	id:	CNVD-2018-18898
db:	VULHUB	id:	VHN-122095
db:	JVNDB	id:	JVNDB-2018-009269
db:	CNNVD	id:	CNNVD-201809-613
db:	NVD	id:	CVE-2018-12163

LAST UPDATE DATE

2024-11-23T22:26:14.071000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-18898	date:	2018-09-14T00:00:00
db:	VULHUB	id:	VHN-122095	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-009269	date:	2018-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201809-613	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-12163	date:	2024-11-21T03:44:40.937

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-18898	date:	2018-09-14T00:00:00
db:	VULHUB	id:	VHN-122095	date:	2018-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-009269	date:	2018-11-13T00:00:00
db:	CNNVD	id:	CNNVD-201809-613	date:	2018-09-13T00:00:00
db:	NVD	id:	CVE-2018-12163	date:	2018-09-12T19:29:01.653