Details of VAR-201811-0542

ID

VAR-201811-0542

CVE

CVE-2018-3635

TITLE

Intel Rapid Store Technology Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011894

DESCRIPTION

Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access. Intel Rapid Storage Technology is prone to a local privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges. Versions prior to Intel Rapid Storage Technology 16.7 are vulnerable

Trust: 1.98

sources: NVD: CVE-2018-3635 // JVNDB: JVNDB-2018-011894 // BID: 105984 // VULHUB: VHN-133666

AFFECTED PRODUCTS

vendor:	intel	model:	rapid storage technology	scope:	lt	version:	16.7	Trust: 1.0
vendor:	intel	model:	rapid storage technology	scope:	eq	version:	9.6.0.1014	Trust: 0.9
vendor:	intel	model:	rapid storage technology	scope:	eq	version:	10.1.0.1008	Trust: 0.9
vendor:	intel	model:	rapid store technology	scope:	lt	version:	16.7	Trust: 0.8
vendor:	intel	model:	rapid storage technology	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	rapid storage technology	scope:	ne	version:	16.7	Trust: 0.3

sources: BID: 105984 // JVNDB: JVNDB-2018-011894 // CNNVD: CNNVD-201811-439 // NVD: CVE-2018-3635

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-3635
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-3635
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201811-439
value:	HIGH
Trust: 0.6
VULHUB:	VHN-133666
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-3635
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-133666
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-3635
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-3635
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-133666 // JVNDB: JVNDB-2018-011894 // CNNVD: CNNVD-201811-439 // NVD: CVE-2018-3635

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.0
problemtype:	CWE-20	Trust: 0.9

sources: VULHUB: VHN-133666 // JVNDB: JVNDB-2018-011894 // NVD: CVE-2018-3635

THREAT TYPE

local

Trust: 0.9

sources: BID: 105984 // CNNVD: CNNVD-201811-439

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201811-439

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011894

PATCH

title:	INTEL-SA-00153	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00153.html	Trust: 0.8
title:	Intel Rapid Store Technology Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86844	Trust: 0.6

sources: JVNDB: JVNDB-2018-011894 // CNNVD: CNNVD-201811-439

EXTERNAL IDS

db:	NVD	id:	CVE-2018-3635	Trust: 2.8
db:	BID	id:	105984	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-011894	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-439	Trust: 0.7
db:	LENOVO	id:	LEN-25086	Trust: 0.6
db:	VULHUB	id:	VHN-133666	Trust: 0.1

sources: VULHUB: VHN-133666 // BID: 105984 // JVNDB: JVNDB-2018-011894 // CNNVD: CNNVD-201811-439 // NVD: CVE-2018-3635

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00153.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/105984	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2021/mar/55	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3635	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-3635	Trust: 0.8
url:	https://support.lenovo.com/us/en/solutions/len-25086	Trust: 0.6
url:	http://www.intel.com/	Trust: 0.3

sources: VULHUB: VHN-133666 // BID: 105984 // JVNDB: JVNDB-2018-011894 // CNNVD: CNNVD-201811-439 // NVD: CVE-2018-3635

CREDITS

Stefan Kanthak

Trust: 0.3

sources: BID: 105984

SOURCES

db:	VULHUB	id:	VHN-133666
db:	BID	id:	105984
db:	JVNDB	id:	JVNDB-2018-011894
db:	CNNVD	id:	CNNVD-201811-439
db:	NVD	id:	CVE-2018-3635

LAST UPDATE DATE

2024-11-23T23:04:56.412000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-133666	date:	2018-12-13T00:00:00
db:	BID	id:	105984	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-011894	date:	2019-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201811-439	date:	2021-03-30T00:00:00
db:	NVD	id:	CVE-2018-3635	date:	2024-11-21T04:05:48.597

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-133666	date:	2018-11-14T00:00:00
db:	BID	id:	105984	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-011894	date:	2019-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201811-439	date:	2018-11-15T00:00:00
db:	NVD	id:	CVE-2018-3635	date:	2018-11-14T14:29:00.347