Details of VAR-201810-0090

ID

VAR-201810-0090

CVE

CVE-2018-12131

TITLE

Intel NVMe and RSTe Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-013476

DESCRIPTION

Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access. Intel NVMe and RSTe Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel NVMe and RSTe are products of Intel Corporation of the United States. Intel NVMe is an open logical device interface specification for accessing non-volatile storage media attached via the PCI Express (PCIe) bus. RSTe is an embedded fast storage software. Driver pack installers is one of the driver installers. A local attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2018-12131 // JVNDB: JVNDB-2018-013476 // VULHUB: VHN-122060

AFFECTED PRODUCTS

vendor:	intel	model:	client nvme	scope:	lt	version:	4.0.0.1007	Trust: 1.0
vendor:	intel	model:	rapid storage technology	scope:	lt	version:	4.7.0.2083	Trust: 1.0
vendor:	intel	model:	datacenter nvme	scope:	lte	version:	4.0.0.1006	Trust: 1.0
vendor:	intel	model:	client nvme	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	datacenter nvme	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	rapid store technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	datacenter nvme	scope:	eq	version:	4.0.0.1006	Trust: 0.6

sources: JVNDB: JVNDB-2018-013476 // CNNVD: CNNVD-201810-496 // NVD: CVE-2018-12131

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-12131
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-12131
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201810-496
value:	HIGH
Trust: 0.6
VULHUB:	VHN-122060
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-12131
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-122060
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-12131
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-122060 // JVNDB: JVNDB-2018-013476 // CNNVD: CNNVD-201810-496 // NVD: CVE-2018-12131

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-264	Trust: 0.8

sources: VULHUB: VHN-122060 // JVNDB: JVNDB-2018-013476 // NVD: CVE-2018-12131

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201810-496

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201810-496

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013476

PATCH

title:	INTEL-SA-00154	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00154.html	Trust: 0.8
title:	Intel NVMe and Intel RSTe Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85663	Trust: 0.6

sources: JVNDB: JVNDB-2018-013476 // CNNVD: CNNVD-201810-496

EXTERNAL IDS

db:	NVD	id:	CVE-2018-12131	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-013476	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-496	Trust: 0.7
db:	CNVD	id:	CNVD-2020-18623	Trust: 0.1
db:	VULHUB	id:	VHN-122060	Trust: 0.1

sources: VULHUB: VHN-122060 // JVNDB: JVNDB-2018-013476 // CNNVD: CNNVD-201810-496 // NVD: CVE-2018-12131

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00154.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12131	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12131	Trust: 0.8

sources: VULHUB: VHN-122060 // JVNDB: JVNDB-2018-013476 // CNNVD: CNNVD-201810-496 // NVD: CVE-2018-12131

SOURCES

db:	VULHUB	id:	VHN-122060
db:	JVNDB	id:	JVNDB-2018-013476
db:	CNNVD	id:	CNNVD-201810-496
db:	NVD	id:	CVE-2018-12131

LAST UPDATE DATE

2024-11-23T22:21:55.428000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-122060	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013476	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201810-496	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-12131	date:	2024-11-21T03:44:39.063

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-122060	date:	2018-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-013476	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201810-496	date:	2018-10-11T00:00:00
db:	NVD	id:	CVE-2018-12131	date:	2018-10-10T14:29:00.277