Sign-up

ID

VAR-201811-0482


CVE

CVE-2018-3698


TITLE

Intel Ready Mode Technology Vulnerabilities in authorization, authority and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-012835

DESCRIPTION

Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access. Intel Ready Mode Technology is prone to an insecure file-permissions vulnerability. A local attacker can exploit this issue to gain elevated privileges on an affected system

Trust: 2.07

sources: NVD: CVE-2018-3698 // JVNDB: JVNDB-2018-012835 // BID: 105995 // VULHUB: VHN-133729 // VULMON: CVE-2018-3698

AFFECTED PRODUCTS

vendor:intelmodel:ready mode technologyscope: - version: -

Trust: 1.4

vendor:intelmodel:ready mode technologyscope:eqversion:*

Trust: 1.0

vendor:intelmodel:ready mode technologyscope:eqversion:0

Trust: 0.3

sources: BID: 105995 // JVNDB: JVNDB-2018-012835 // CNNVD: CNNVD-201811-442 // NVD: CVE-2018-3698

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3698
value: HIGH

Trust: 1.0

NVD: CVE-2018-3698
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201811-442
value: HIGH

Trust: 0.6

VULHUB: VHN-133729
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-3698
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-3698
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-133729
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3698
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133729 // VULMON: CVE-2018-3698 // JVNDB: JVNDB-2018-012835 // CNNVD: CNNVD-201811-442 // NVD: CVE-2018-3698

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-012835 // NVD: CVE-2018-3698

THREAT TYPE

local

Trust: 0.9

sources: BID: 105995 // CNNVD: CNNVD-201811-442

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201811-442

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012835

PATCH
title:INTEL-SA-00198url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00198.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-012835

EXTERNAL IDS
db:NVDid:CVE-2018-3698
Trust: 2.9
db:BIDid:105995
Trust: 2.1
db:JVNDBid:JVNDB-2018-012835
Trust: 0.8
db:CNNVDid:CNNVD-201811-442
Trust: 0.7
db:VULHUBid:VHN-133729
Trust: 0.1
db:VULMONid:CVE-2018-3698
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133729 // 
            
            
            
            VULMON: CVE-2018-3698 // 
            
            
            
            BID: 105995 // 
            
            
            
            JVNDB: JVNDB-2018-012835 // 
            
            
            
            CNNVD: CNNVD-201811-442 // 
            
            
            
            NVD: CVE-2018-3698

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00198.html
Trust: 2.1
url:http://www.securityfocus.com/bid/105995
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3698
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3698
Trust: 0.8
url:http://www.intel.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133729 // 
            
            
            
            VULMON: CVE-2018-3698 // 
            
            
            
            BID: 105995 // 
            
            
            
            JVNDB: JVNDB-2018-012835 // 
            
            
            
            CNNVD: CNNVD-201811-442 // 
            
            
            
            NVD: CVE-2018-3698

CREDITS
Marius Gabriel Mihai
Trust: 0.3
sources:
            
            
            BID: 105995

SOURCES
db:VULHUBid:VHN-133729
db:VULMONid:CVE-2018-3698
db:BIDid:105995
db:JVNDBid:JVNDB-2018-012835
db:CNNVDid:CNNVD-201811-442
db:NVDid:CVE-2018-3698

LAST UPDATE DATE
2024-11-23T21:52:39.681000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133729date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-3698date:2019-10-03T00:00:00
db:BIDid:105995date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-012835date:2019-02-08T00:00:00
db:CNNVDid:CNNVD-201811-442date:2019-10-23T00:00:00
db:NVDid:CVE-2018-3698date:2024-11-21T04:05:54.510

SOURCES RELEASE DATE
db:VULHUBid:VHN-133729date:2018-11-14T00:00:00
db:VULMONid:CVE-2018-3698date:2018-11-14T00:00:00
db:BIDid:105995date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-012835date:2019-02-08T00:00:00
db:CNNVDid:CNNVD-201811-442date:2018-11-15T00:00:00
db:NVDid:CVE-2018-3698date:2018-11-14T14:29:00.470