Sign-up

ID

VAR-201904-0623


CVE

CVE-2018-18094


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-002605

DESCRIPTION

Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation (CVE-2018-18094, CVE-2019-0158, CVE-2019-0162, CVE-2019-0163) * Information leak (CVE-2019-0162) * Service operation interruption (DoS) attack (CVE-2019-0162). Intel Media SDK is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Versions prior to Media SDK 2018 R2.1 are vulnerable. This product is mainly used for video encoding, decoding and processing in Windows and embedded Linux applications. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

Trust: 1.98

sources: NVD: CVE-2018-18094 // JVNDB: JVNDB-2019-002605 // BID: 107886 // VULHUB: VHN-128619

AFFECTED PRODUCTS

vendor:intelmodel:media sdkscope:eqversion:2017

Trust: 1.3

vendor:intelmodel:media sdkscope:eqversion:2018

Trust: 1.0

vendor:intelmodel:broadwellscope:ltversion:u i5 vpro mybdwi5v.86a

Trust: 0.8

vendor:intelmodel:graphics performance analyzerscope:lteversion:for linux 18.4

Trust: 0.8

vendor:intelmodel:media sdkscope:ltversion:2018 r2.1

Trust: 0.8

vendor:intelmodel:microprocessorsscope:eqversion:with virtual memory mapping

Trust: 0.8

vendor:intelmodel:media sdk r1scope:eqversion:2018

Trust: 0.3

vendor:intelmodel:media sdk r2.1scope:eqversion:2017

Trust: 0.3

vendor:intelmodel:media sdk r2.1scope:neversion:2018

Trust: 0.3

sources: BID: 107886 // JVNDB: JVNDB-2019-002605 // NVD: CVE-2018-18094

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18094
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201904-603
value: HIGH

Trust: 0.6

VULHUB: VHN-128619
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-18094
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-128619
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-18094
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-128619 // CNNVD: CNNVD-201904-603 // NVD: CVE-2018-18094

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-264

Trust: 0.1

sources: VULHUB: VHN-128619 // NVD: CVE-2018-18094

THREAT TYPE

local

Trust: 0.9

sources: BID: 107886 // CNNVD: CNNVD-201904-603

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201904-603

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002605

PATCH
title:INTEL-SA-00201url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00201.html
Trust: 0.8
title:INTEL-SA-00236url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00236.html
Trust: 0.8
title:INTEL-SA-00238url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00238.html
Trust: 0.8
title:INTEL-SA-00239url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00239.html
Trust: 0.8
title:Intel Media SDK Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91414
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-002605 // 
            
            
            
            CNNVD: CNNVD-201904-603

EXTERNAL IDS
db:NVDid:CVE-2018-18094
Trust: 2.8
db:BIDid:107886
Trust: 2.0
db:JVNid:JVNVU90136041
Trust: 0.8
db:JVNDBid:JVNDB-2019-002605
Trust: 0.8
db:CNNVDid:CNNVD-201904-603
Trust: 0.7
db:VULHUBid:VHN-128619
Trust: 0.1
sources:
            
            
            VULHUB: VHN-128619 // 
            
            
            
            BID: 107886 // 
            
            
            
            JVNDB: JVNDB-2019-002605 // 
            
            
            
            CNNVD: CNNVD-201904-603 // 
            
            
            
            NVD: CVE-2018-18094

REFERENCES
url:http://www.securityfocus.com/bid/107886
Trust: 2.3
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00201.html
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2018-18094
Trust: 1.4
url:http://www.intel.com/
Trust: 0.9
url:https://software.intel.com/en-us/media-sdk
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0162
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0163
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18094
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0158
Trust: 0.8
url:https://jvn.jp/vu/jvnvu90136041/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0158
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0162
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0163
Trust: 0.8
sources:
            
            
            VULHUB: VHN-128619 // 
            
            
            
            BID: 107886 // 
            
            
            
            JVNDB: JVNDB-2019-002605 // 
            
            
            
            CNNVD: CNNVD-201904-603 // 
            
            
            
            NVD: CVE-2018-18094

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 107886

SOURCES
db:VULHUBid:VHN-128619
db:BIDid:107886
db:JVNDBid:JVNDB-2019-002605
db:CNNVDid:CNNVD-201904-603
db:NVDid:CVE-2018-18094

LAST UPDATE DATE
2024-11-23T22:00:00.042000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-128619date:2019-10-03T00:00:00
db:BIDid:107886date:2019-04-09T00:00:00
db:JVNDBid:JVNDB-2019-002605date:2019-09-30T00:00:00
db:CNNVDid:CNNVD-201904-603date:2019-10-08T00:00:00
db:NVDid:CVE-2018-18094date:2024-11-21T03:55:28.250

SOURCES RELEASE DATE
db:VULHUBid:VHN-128619date:2019-04-17T00:00:00
db:BIDid:107886date:2019-04-09T00:00:00
db:JVNDBid:JVNDB-2019-002605date:2019-04-11T00:00:00
db:CNNVDid:CNNVD-201904-603date:2019-04-09T00:00:00
db:NVDid:CVE-2018-18094date:2019-04-17T18:29:00.217