Sign-up

ID

VAR-201903-0987


CVE

CVE-2018-12200


TITLE

Intel(R) Capability Licensing Service Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014773

DESCRIPTION

Insufficient access control in Intel(R) Capability Licensing Service before version 1.50.638.1 may allow an unprivileged user to potentially escalate privileges via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Intel Capability Licensing Service is an Intel capability licensing service interface of Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges

Trust: 2.43

sources: NVD: CVE-2018-12200 // JVNDB: JVNDB-2018-014773 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122136

AFFECTED PRODUCTS

vendor:intelmodel:capability licensing servicescope:ltversion:1.50.638.1

Trust: 1.8

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2018-014773 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12200

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12200
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-12200
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-535
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122136
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-12200
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122136
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12200
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122136 // JVNDB: JVNDB-2018-014773 // CNNVD: CNNVD-201903-535 // NVD: CVE-2018-12200

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-122136 // JVNDB: JVNDB-2018-014773 // NVD: CVE-2018-12200

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-535

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201903-535

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014773

PATCH
title:INTEL-SA-00185url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
title:Intel Capability Licensing Service Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90124
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014773 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-535

EXTERNAL IDS
db:NVDid:CVE-2018-12200
Trust: 2.5
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2018-014773
Trust: 0.8
db:CNNVDid:CNNVD-201903-535
Trust: 0.7
db:LENOVOid:LEN-25083
Trust: 0.6
db:NSFOCUSid:42980
Trust: 0.6
db:VULHUBid:VHN-122136
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122136 // 
            
            
            
            JVNDB: JVNDB-2018-014773 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-535 // 
            
            
            
            NVD: CVE-2018-12200

REFERENCES
url:https://security.netapp.com/advisory/ntap-20190318-0001/
Trust: 1.7
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-12200
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12200
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
url:https://support.lenovo.com/us/en/solutions/len-25083
Trust: 0.6
url:http://www.nsfocus.net/vulndb/42980
Trust: 0.6
sources:
            
            
            VULHUB: VHN-122136 // 
            
            
            
            JVNDB: JVNDB-2018-014773 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-535 // 
            
            
            
            NVD: CVE-2018-12200

CREDITS
Intel ( http://www.intel.com/ )  ?? ??
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-535

SOURCES
db:VULHUBid:VHN-122136
db:JVNDBid:JVNDB-2018-014773
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-535
db:NVDid:CVE-2018-12200

LAST UPDATE DATE
2024-11-23T20:00:54.537000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122136date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-014773date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-535date:2019-10-08T00:00:00
db:NVDid:CVE-2018-12200date:2024-11-21T03:44:44.387

SOURCES RELEASE DATE
db:VULHUBid:VHN-122136date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2018-014773date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-535date:2019-03-14T00:00:00
db:NVDid:CVE-2018-12200date:2019-03-14T20:29:00.647