Sign-up

ID

VAR-201811-0541


CVE

CVE-2018-3621


TITLE

Intel Driver & Support Assistant Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-011893

DESCRIPTION

Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Attackers can exploit this issue to obtain potentially sensitive information. This may lead to further attacks. This tool is mainly used to get the latest applications provided by Intel

Trust: 1.98

sources: NVD: CVE-2018-3621 // JVNDB: JVNDB-2018-011893 // BID: 106308 // VULHUB: VHN-133652

AFFECTED PRODUCTS

vendor:intelmodel:driver\&support assistantscope:ltversion:3.6.0.4

Trust: 1.0

vendor:intelmodel:driver and support assistantscope:ltversion:3.6.0.4

Trust: 0.8

vendor:intelmodel:driver and support assistantscope:eqversion:3.5.0.3

Trust: 0.3

vendor:intelmodel:driver and support assistantscope:eqversion:3.4.0.4

Trust: 0.3

vendor:intelmodel:driver and support assistantscope:eqversion:3.3.1.3

Trust: 0.3

vendor:intelmodel:driver and support assistantscope:eqversion:3.2.0.9

Trust: 0.3

vendor:intelmodel:driver and support assistantscope:eqversion:3.1.1.2

Trust: 0.3

vendor:intelmodel:driver and support assistantscope:neversion:3.6.0.4

Trust: 0.3

sources: BID: 106308 // JVNDB: JVNDB-2018-011893 // NVD: CVE-2018-3621

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-3621
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-3621
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201811-438
value: LOW

Trust: 0.6

VULHUB: VHN-133652
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-3621
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-133652
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-3621
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-133652 // JVNDB: JVNDB-2018-011893 // CNNVD: CNNVD-201811-438 // NVD: CVE-2018-3621

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-133652 // JVNDB: JVNDB-2018-011893 // NVD: CVE-2018-3621

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201811-438

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201811-438

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011893

PATCH
title:INTEL-SA-00187url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00187.html
Trust: 0.8
title:Intel Driver & Support Assistant Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86839
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-011893 // 
            
            
            
            CNNVD: CNNVD-201811-438

EXTERNAL IDS
db:NVDid:CVE-2018-3621
Trust: 2.8
db:JVNDBid:JVNDB-2018-011893
Trust: 0.8
db:CNNVDid:CNNVD-201811-438
Trust: 0.7
db:BIDid:106308
Trust: 0.3
db:VULHUBid:VHN-133652
Trust: 0.1
sources:
            
            
            VULHUB: VHN-133652 // 
            
            
            
            BID: 106308 // 
            
            
            
            JVNDB: JVNDB-2018-011893 // 
            
            
            
            CNNVD: CNNVD-201811-438 // 
            
            
            
            NVD: CVE-2018-3621

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00187.html
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3621
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-3621
Trust: 0.8
url:http://www.intel.com/content/www/us/en/homepage.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-133652 // 
            
            
            
            BID: 106308 // 
            
            
            
            JVNDB: JVNDB-2018-011893 // 
            
            
            
            CNNVD: CNNVD-201811-438 // 
            
            
            
            NVD: CVE-2018-3621

CREDITS
Clement Notin
Trust: 0.3
sources:
            
            
            BID: 106308

SOURCES
db:VULHUBid:VHN-133652
db:BIDid:106308
db:JVNDBid:JVNDB-2018-011893
db:CNNVDid:CNNVD-201811-438
db:NVDid:CVE-2018-3621

LAST UPDATE DATE
2024-11-23T22:58:49.452000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-133652date:2018-12-13T00:00:00
db:BIDid:106308date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-011893date:2019-01-24T00:00:00
db:CNNVDid:CNNVD-201811-438date:2018-11-19T00:00:00
db:NVDid:CVE-2018-3621date:2024-11-21T04:05:47.263

SOURCES RELEASE DATE
db:VULHUBid:VHN-133652date:2018-11-14T00:00:00
db:BIDid:106308date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-011893date:2019-01-24T00:00:00
db:CNNVDid:CNNVD-201811-438date:2018-11-15T00:00:00
db:NVDid:CVE-2018-3621date:2018-11-14T14:29:00.317