Details of VAR-201811-0481

ID

VAR-201811-0481

CVE

CVE-2018-3697

TITLE

Intel Media Server Studio Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-012842

DESCRIPTION

Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access. Intel Media Server Studio is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with administrative privileges. Intel Media Server Studio versions prior to 2019 Beta Release are vulnerable. The product supports functions such as video encoding/decoding, audio encoding/decoding, and video filtering

Trust: 1.98

sources: NVD: CVE-2018-3697 // JVNDB: JVNDB-2018-012842 // BID: 106025 // VULHUB: VHN-133728

AFFECTED PRODUCTS

vendor:	intel	model:	media server studio	scope:	eq	version:	2015	Trust: 1.6
vendor:	intel	model:	media server studio	scope:	eq	version:	2017	Trust: 1.6
vendor:	intel	model:	media server studio	scope:	eq	version:	2016	Trust: 1.6
vendor:	intel	model:	media server studio	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	media server studio	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	media server studio beta release	scope:	ne	version:	2019	Trust: 0.3

sources: BID: 106025 // JVNDB: JVNDB-2018-012842 // CNNVD: CNNVD-201811-441 // NVD: CVE-2018-3697

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-3697
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-3697
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201811-441
value:	HIGH
Trust: 0.6
VULHUB:	VHN-133728
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-3697
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-133728
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-3697
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-133728 // JVNDB: JVNDB-2018-012842 // CNNVD: CNNVD-201811-441 // NVD: CVE-2018-3697

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-264	Trust: 0.8

sources: VULHUB: VHN-133728 // JVNDB: JVNDB-2018-012842 // NVD: CVE-2018-3697

THREAT TYPE

local

Trust: 0.9

sources: BID: 106025 // CNNVD: CNNVD-201811-441

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201811-441

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012842

PATCH

title:	INTEL-SA-00197	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00197.html	Trust: 0.8
title:	Intel Media Server Studio Fixes for installer security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86845	Trust: 0.6

sources: JVNDB: JVNDB-2018-012842 // CNNVD: CNNVD-201811-441

EXTERNAL IDS

db:	NVD	id:	CVE-2018-3697	Trust: 2.8
db:	BID	id:	106025	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-012842	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-441	Trust: 0.7
db:	VULHUB	id:	VHN-133728	Trust: 0.1

sources: VULHUB: VHN-133728 // BID: 106025 // JVNDB: JVNDB-2018-012842 // CNNVD: CNNVD-201811-441 // NVD: CVE-2018-3697

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00197.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/106025	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3697	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3697	Trust: 0.8
url:	http://www.intel.com/	Trust: 0.3

sources: VULHUB: VHN-133728 // BID: 106025 // JVNDB: JVNDB-2018-012842 // CNNVD: CNNVD-201811-441 // NVD: CVE-2018-3697

CREDITS

SaifAllah benMassaoud

Trust: 0.3

sources: BID: 106025

SOURCES

db:	VULHUB	id:	VHN-133728
db:	BID	id:	106025
db:	JVNDB	id:	JVNDB-2018-012842
db:	CNNVD	id:	CNNVD-201811-441
db:	NVD	id:	CVE-2018-3697

LAST UPDATE DATE

2024-11-23T22:30:11.426000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-133728	date:	2019-10-03T00:00:00
db:	BID	id:	106025	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-012842	date:	2019-02-08T00:00:00
db:	CNNVD	id:	CNNVD-201811-441	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-3697	date:	2024-11-21T04:05:54.393

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-133728	date:	2018-11-14T00:00:00
db:	BID	id:	106025	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-012842	date:	2019-02-08T00:00:00
db:	CNNVD	id:	CNNVD-201811-441	date:	2018-11-15T00:00:00
db:	NVD	id:	CVE-2018-3697	date:	2018-11-14T14:29:00.440