Sign-up

ID

VAR-201903-0975


CVE

CVE-2018-12190


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-001582

DESCRIPTION

Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially enable an escalation of privilege via local access. Intel CSME and TXE Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). An input validation error vulnerability exists in Intel CSME and Intel TXE. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Intel CSME prior to 11.8.60, prior to 11.11.60, prior to 11.22.60, prior to 12.0.20; Intel TXE prior to 3.1.60, prior to 4.0.10

Trust: 2.43

sources: NVD: CVE-2018-12190 // JVNDB: JVNDB-2019-001582 // JVNDB: JVNDB-2018-014782 // VULHUB: VHN-122125

AFFECTED PRODUCTS

vendor:intelmodel:converged security management enginescope:ltversion:11.11.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:11.22.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:11.8.60

Trust: 1.8

vendor:intelmodel:converged security management enginescope:ltversion:12.0.20

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:3.1.60

Trust: 1.8

vendor:intelmodel:trusted execution enginescope:ltversion:4.0.10

Trust: 1.8

vendor:intelmodel:converged security management enginescope:gteversion:11.10

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:3.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.20

Trust: 1.0

vendor:intelmodel:trusted execution enginescope:gteversion:4.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:12.0.0

Trust: 1.0

vendor:intelmodel:converged security management enginescope:gteversion:11.0

Trust: 1.0

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2019-001582 // JVNDB: JVNDB-2018-014782 // NVD: CVE-2018-12190

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12190
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12190
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-563
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122125
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-12190
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122125
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12190
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122125 // JVNDB: JVNDB-2018-014782 // CNNVD: CNNVD-201903-563 // NVD: CVE-2018-12190

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-122125 // JVNDB: JVNDB-2018-014782 // NVD: CVE-2018-12190

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-563

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-563

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001582

PATCH
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
title:INTEL-SA-00185url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
Trust: 0.8
title:Intel Converged Security and Management Engine  and Intel TXE Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90150
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            JVNDB: JVNDB-2018-014782 // 
            
            
            
            CNNVD: CNNVD-201903-563

EXTERNAL IDS
db:NVDid:CVE-2018-12190
Trust: 2.5
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2018-014782
Trust: 0.8
db:CNNVDid:CNNVD-201903-563
Trust: 0.7
db:LENOVOid:LEN-25083
Trust: 0.6
db:NSFOCUSid:42974
Trust: 0.6
db:CNVDid:CNVD-2020-18572
Trust: 0.1
db:VULHUBid:VHN-122125
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122125 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            JVNDB: JVNDB-2018-014782 // 
            
            
            
            CNNVD: CNNVD-201903-563 // 
            
            
            
            NVD: CVE-2018-12190

REFERENCES
url:https://security.netapp.com/advisory/ntap-20190318-0001/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-12190
Trust: 1.4
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12190
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://support.lenovo.com/us/en/solutions/len-25083
Trust: 0.6
url:http://www.nsfocus.net/vulndb/42974
Trust: 0.6
sources:
            
            
            VULHUB: VHN-122125 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            JVNDB: JVNDB-2018-014782 // 
            
            
            
            CNNVD: CNNVD-201903-563 // 
            
            
            
            NVD: CVE-2018-12190

CREDITS
Intel
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-563

SOURCES
db:VULHUBid:VHN-122125
db:JVNDBid:JVNDB-2019-001582
db:JVNDBid:JVNDB-2018-014782
db:CNNVDid:CNNVD-201903-563
db:NVDid:CVE-2018-12190

LAST UPDATE DATE
2024-11-23T20:07:07.180000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122125date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:JVNDBid:JVNDB-2018-014782date:2019-04-10T00:00:00
db:CNNVDid:CNNVD-201903-563date:2019-08-29T00:00:00
db:NVDid:CVE-2018-12190date:2024-11-21T03:44:43.530

SOURCES RELEASE DATE
db:VULHUBid:VHN-122125date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:JVNDBid:JVNDB-2018-014782date:2019-04-10T00:00:00
db:CNNVDid:CNNVD-201903-563date:2019-03-14T00:00:00
db:NVDid:CVE-2018-12190date:2019-03-14T20:29:00.427