cvelistv5 - CVE-2018-12147

CVE-2018-12147 (GCVE-0-2018-12147)

Vulnerability from cvelistv5 – Published: 2019-06-13 15:36 – Updated: 2024-08-05 08:30

Summary

Severity ?

No CVSS data available.

CWE

Escalation of Privilege

Assigner

intel

References

URL

	Vendor	Product	Version
	n/a	Intel(R) CSME Assets Advisory	Affected: before 11.21.55

CNVD-2020-18601

Vulnerability from cnvd - Published: 2020-03-22

Title

Intel Converged Security and Management Engine、Server Platform Services和Trusted Execution Engine HECI subsystem权限许可和访问控制问题漏洞

Description

Intel Converged Security and Management Engine（CSME）等都是美国英特尔（Intel）公司的产品。Intel Converged Security and Management Engine是一款安全管理引擎。Intel Server Platform Services（SPS）是一款服务器平台服务程序。Intel Trusted Execution Engine是一款使用在CPU（中央处理器）中具有硬件验证功能的信任执行引擎。 Intel Converged Security and Management Engine、Server Platform Services和Trusted Execution Engine HECI subsystem存在权限许可和访问控制问题漏洞。该漏洞源于网络系统或产品缺乏有效的权限许可和访问控制措施。攻击者可利用该漏洞提升权限。

Severity

高

Patch Name

Intel Converged Security and Management Engine、Server Platform Services和Trusted Execution Engine HECI subsystem权限许可和访问控制问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.intel.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-12147

Impacted products

Name
['Intel CSME <11.21.55', 'Intel SPS <4.0', 'Intel Trusted Execution Engine 3.1.55']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12147"
    }
  },
  "description": "Intel Converged Security and Management Engine\uff08CSME\uff09\u7b49\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Converged Security and Management Engine\u662f\u4e00\u6b3e\u5b89\u5168\u7ba1\u7406\u5f15\u64ce\u3002Intel Server Platform Services\uff08SPS\uff09\u662f\u4e00\u6b3e\u670d\u52a1\u5668\u5e73\u53f0\u670d\u52a1\u7a0b\u5e8f\u3002Intel Trusted Execution Engine\u662f\u4e00\u6b3e\u4f7f\u7528\u5728CPU\uff08\u4e2d\u592e\u5904\u7406\u5668\uff09\u4e2d\u5177\u6709\u786c\u4ef6\u9a8c\u8bc1\u529f\u80fd\u7684\u4fe1\u4efb\u6267\u884c\u5f15\u64ce\u3002\n\nIntel Converged Security and Management Engine\u3001Server Platform Services\u548cTrusted Execution Engine HECI subsystem\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u6709\u6548\u7684\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u63aa\u65bd\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-18601",
  "openTime": "2020-03-22",
  "patchDescription": "Intel Converged Security and Management Engine\uff08CSME\uff09\u7b49\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Converged Security and Management Engine\u662f\u4e00\u6b3e\u5b89\u5168\u7ba1\u7406\u5f15\u64ce\u3002Intel Server Platform Services\uff08SPS\uff09\u662f\u4e00\u6b3e\u670d\u52a1\u5668\u5e73\u53f0\u670d\u52a1\u7a0b\u5e8f\u3002Intel Trusted Execution Engine\u662f\u4e00\u6b3e\u4f7f\u7528\u5728CPU\uff08\u4e2d\u592e\u5904\u7406\u5668\uff09\u4e2d\u5177\u6709\u786c\u4ef6\u9a8c\u8bc1\u529f\u80fd\u7684\u4fe1\u4efb\u6267\u884c\u5f15\u64ce\u3002\r\n\r\nIntel Converged Security and Management Engine\u3001Server Platform Services\u548cTrusted Execution Engine HECI subsystem\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u6709\u6548\u7684\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u63aa\u65bd\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Converged Security and Management Engine\u3001Server Platform Services\u548cTrusted Execution Engine HECI subsystem\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Intel CSME \u003c11.21.55",
      "Intel SPS \u003c4.0",
      "Intel Trusted Execution Engine 3.1.55"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-12147",
  "serverity": "\u9ad8",
  "submitTime": "2019-06-14",
  "title": "Intel Converged Security and Management Engine\u3001Server Platform Services\u548cTrusted Execution Engine HECI subsystem\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}

GHSA-4C2G-M3V7-XP4R

Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2024-04-04 00:56

Details

Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel? Server Platform Services before version 4.0 and Intel? Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.

Severity ?

6.7 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-12147"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-13T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel? Server Platform Services before version 4.0 and Intel? Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.",
  "id": "GHSA-4c2g-m3v7-xp4r",
  "modified": "2024-04-04T00:56:55Z",
  "published": "2022-05-24T16:47:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12147"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/in"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html?wapkw=2018-12147"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-12147

Vulnerability from fkie_nvd - Published: 2019-06-13 16:29 - Updated: 2024-11-21 03:44

Severity ?

6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html
nvd@nist.gov	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html?wapkw=2018-12147	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html

Impacted products

Vendor	Product	Version
intel	converged_security_management_engine_firmware	*
intel	converged_security_management_engine_firmware	*
intel	converged_security_management_engine_firmware	*
intel	server_platform_services_firmware	*
intel	trusted_execution_engine_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DC5E648-8DD3-4313-BE9D-2CE595F40D91",
              "versionEndIncluding": "11.8.50",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4E3031-2AB8-4CA2-9D85-55FE1F8BF7CC",
              "versionEndIncluding": "11.11.50",
              "versionStartIncluding": "11.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7781499E-1729-4890-901E-0A2B7EACF949",
              "versionEndIncluding": "11.21.51",
              "versionStartIncluding": "11.20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9BE1C00-6AAB-4402-98B8-8D68DFF1358E",
              "versionEndExcluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8337C6A0-41B7-417D-BD0C-B65ACD99C5FF",
              "versionEndIncluding": "3.1.50",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel\u00ae Server Platform Services before version 4.0 and Intel\u00ae Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access."
    },
    {
      "lang": "es",
      "value": "La validaci\u00f3n de entrada insuficiente en el subsistema HECI en Intel (R) CSME anterior  a la versi\u00f3n 11.21.55, los Servicios de plataforma de servidor Intel\u00ae anterior a la versi\u00f3n 4.0 y el Firmware Intel\u00ae Trusted Execution Engine anterior a la versi\u00f3n 3.1.55 pueden permitir que un usuario privilegiado pueda permitir la escalada de privilegios a trav\u00e9s de acceso local."
    }
  ],
  "id": "CVE-2018-12147",
  "lastModified": "2024-11-21T03:44:39.373",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-13T16:29:00.247",
  "references": [
    {
      "source": "secure@intel.com",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html?wapkw=2018-12147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201906-0733

Vulnerability from variot - Updated: 2023-12-18 12:17

Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * Service operation interruption (DoS) * * Privilege escalation * * Arbitrary code execution. Intel Converged Security and Management Engine (CSME), etc. are all products of American Intel Corporation. Intel Converged Security and Management Engine is a security management engine. Intel Server Platform Services (SPS) is a server platform service program. Intel Trusted Execution Engine is a trusted execution engine with hardware verification function in the CPU (Central Processing Unit). The vulnerability stems from the lack of effective permission permissions and access control measures for network systems or products. Attackers can use this vulnerability to elevate permissions. Multiple Intel Products are prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0733",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "converged security management engine",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.10"
      },
      {
        "model": "converged security management engine",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.20"
      },
      {
        "model": "converged security management engine",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.8.50"
      },
      {
        "model": "converged security management engine",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.21.51"
      },
      {
        "model": "converged security management engine",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.11.50"
      },
      {
        "model": "server platform services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "4.0"
      },
      {
        "model": "converged security management engine",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "11.0"
      },
      {
        "model": "trusted execution engine",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3.0"
      },
      {
        "model": "trusted execution engine",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "3.1.50"
      },
      {
        "model": "active management technology",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "baseboard management controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "computing improvement program",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "csme",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "data center manager sdk",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "driver and support assistant",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "extreme tuning utility",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc kit nuc7i7bnh",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "server platform services",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "software asset manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "trusted execution engine",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "openvino toolkit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "for windows"
      },
      {
        "model": "power management controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "csme",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "intel",
        "version": "11.21.55"
      },
      {
        "model": "sps",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "intel",
        "version": "4.0"
      },
      {
        "model": "trusted execution engine",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "3.1.55"
      },
      {
        "model": "trusted execution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.1.50"
      },
      {
        "model": "trusted execution engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.0"
      },
      {
        "model": "server platform services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "4.0"
      },
      {
        "model": "converged security management engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "11.21.51"
      },
      {
        "model": "converged security management engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "11.11.50"
      },
      {
        "model": "converged security management engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "11.8.50"
      },
      {
        "model": "converged security management engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "11.20"
      },
      {
        "model": "converged security management engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "11.10"
      },
      {
        "model": "converged security management engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "11.0"
      },
      {
        "model": "trusted execution engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.1.55"
      },
      {
        "model": "server platform services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "5.0"
      },
      {
        "model": "converged security management engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "11.21.55"
      },
      {
        "model": "converged security management engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "11.11.55"
      },
      {
        "model": "converged security management engine",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "11.8.55"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-18601"
      },
      {
        "db": "BID",
        "id": "108785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007314"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12147"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.11.50",
                "versionStartIncluding": "11.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.8.50",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.21.51",
                "versionStartIncluding": "11.20",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.1.50",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12147"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel employees and Maxim Goryachy from Positive Technologies.",
    "sources": [
      {
        "db": "BID",
        "id": "108785"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-12147",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-18601",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-122077",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-12147",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-18601",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-563",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-122077",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-18601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122077"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-563"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel\u00ae Server Platform Services before version 4.0 and Intel\u00ae Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * * information leak * * Service operation interruption (DoS) * * Privilege escalation * * Arbitrary code execution. Intel Converged Security and Management Engine (CSME), etc. are all products of American Intel Corporation. Intel Converged Security and Management Engine is a security management engine. Intel Server Platform Services (SPS) is a server platform service program. Intel Trusted Execution Engine is a trusted execution engine with hardware verification function in the CPU (Central Processing Unit). The vulnerability stems from the lack of effective permission permissions and access control measures for network systems or products. Attackers can use this vulnerability to elevate permissions. Multiple Intel Products are prone to a local privilege-escalation vulnerability. \nA local attacker can exploit this issue to gain elevated privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007314"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-18601"
      },
      {
        "db": "BID",
        "id": "108785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122077"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-12147",
        "trust": 3.4
      },
      {
        "db": "JVN",
        "id": "JVNVU99931791",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007314",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-18601",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-563",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "108785",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-122077",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-18601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122077"
      },
      {
        "db": "BID",
        "id": "108785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007314"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-563"
      }
    ]
  },
  "id": "VAR-201906-0733",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-18601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122077"
      }
    ],
    "trust": 1.3313131333333335
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-18601"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:17:56.277000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-SA-00149",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00149.html"
      },
      {
        "title": "INTEL-SA-00162",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
      },
      {
        "title": "INTEL-SA-00165",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html"
      },
      {
        "title": "INTEL-SA-00172",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html"
      },
      {
        "title": "INTEL-SA-00176",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html"
      },
      {
        "title": "INTEL-SA-00125",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"
      },
      {
        "title": "INTEL-SA-00131",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html"
      },
      {
        "title": "INTEL-SA-00141",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html"
      },
      {
        "title": "INTEL-SA-00143",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00143.html"
      },
      {
        "title": "Patch for Intel Converged Security and Management Engine, Server Platform Services, and Trusted Execution Engine HECI subsystem permissions permission and access control issues",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/210227"
      },
      {
        "title": "Intel Converged Security and Management Engine , Server Platform Services  and Trusted Execution Engine Fixes for permissions and access control issues vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93794"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-18601"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007314"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-563"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122077"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12147"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12147"
      },
      {
        "trust": 1.6,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html?wapkw=2018-12147"
      },
      {
        "trust": 1.4,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12147"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99931791"
      },
      {
        "trust": 0.3,
        "url": "http://www.intel.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-18601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122077"
      },
      {
        "db": "BID",
        "id": "108785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007314"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-563"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-18601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122077"
      },
      {
        "db": "BID",
        "id": "108785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007314"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12147"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-563"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-18601"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122077"
      },
      {
        "date": "2018-07-09T00:00:00",
        "db": "BID",
        "id": "108785"
      },
      {
        "date": "2018-09-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007314"
      },
      {
        "date": "2019-06-13T16:29:00.247000",
        "db": "NVD",
        "id": "CVE-2018-12147"
      },
      {
        "date": "2019-06-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-563"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-18601"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122077"
      },
      {
        "date": "2018-07-09T00:00:00",
        "db": "BID",
        "id": "108785"
      },
      {
        "date": "2019-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007314"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2018-12147"
      },
      {
        "date": "2020-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-563"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "108785"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-563"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel Multiple vulnerabilities in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007314"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-563"
      }
    ],
    "trust": 0.6
  }
}

GSD-2018-12147

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-12147

Aliases

CVE-2018-12147

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-12147",
    "description": "Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel\u00ae Server Platform Services before version 4.0 and Intel\u00ae Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.",
    "id": "GSD-2018-12147"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-12147"
      ],
      "details": "Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel\u00ae Server Platform Services before version 4.0 and Intel\u00ae Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.",
      "id": "GSD-2018-12147",
      "modified": "2023-12-13T01:22:29.701589Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2018-12147",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) CSME Assets Advisory",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before 11.21.55"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel\u00ae Server Platform Services before version 4.0 and Intel\u00ae Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Escalation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html",
            "refsource": "CONFIRM",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.11.50",
                "versionStartIncluding": "11.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.8.50",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.21.51",
                "versionStartIncluding": "11.20",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.1.50",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2018-12147"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel\u00ae Server Platform Services before version 4.0 and Intel\u00ae Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html?wapkw=2018-12147",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html?wapkw=2018-12147"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-06-13T16:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-12147 (GCVE-0-2018-12147)

CNVD-2020-18601

GHSA-4C2G-M3V7-XP4R

FKIE_CVE-2018-12147

VAR-201906-0733

GSD-2018-12147

Tags

Sightings

Nomenclature