cnvd - cnvd-2018-18897

CNVD-2018-18897

Vulnerability from cnvd - Published: 2018-09-14

Title

Intel Data Center Migration Center Software software installer DLL注入漏洞

Description

Intel Data Center Migration Center Software是美国英特尔（Intel）公司的一套数据中心迁移软件。software installer是它的安装程序。 Intel Data Center Migration Center Software 3.1及之前版本中的software installer存在DLL注入漏洞，本地攻击者可利用该漏洞使用默认的目录权限执行代码。

Severity

低

Patch Name

Intel Data Center Migration Center Software software installer DLL注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html

Reference

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html

Impacted products

Name
Intel Data Center Migration Center Software <=3.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12160"
    }
  },
  "description": "Intel Data Center Migration Center Software\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u4e2d\u5fc3\u8fc1\u79fb\u8f6f\u4ef6\u3002software installer\u662f\u5b83\u7684\u5b89\u88c5\u7a0b\u5e8f\u3002\r\n\r\nIntel Data Center Migration Center Software 3.1\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684software installer\u5b58\u5728DLL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u9ed8\u8ba4\u7684\u76ee\u5f55\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-18897",
  "openTime": "2018-09-14",
  "patchDescription": "Intel Data Center Migration Center Software\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u4e2d\u5fc3\u8fc1\u79fb\u8f6f\u4ef6\u3002software installer\u662f\u5b83\u7684\u5b89\u88c5\u7a0b\u5e8f\u3002\r\n\r\nIntel Data Center Migration Center Software 3.1\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684software installer\u5b58\u5728DLL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u7528\u9ed8\u8ba4\u7684\u76ee\u5f55\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Data Center Migration Center Software software installer DLL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel Data Center Migration Center Software \u003c=3.1"
  },
  "referenceLink": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html",
  "serverity": "\u4f4e",
  "submitTime": "2018-09-14",
  "title": "Intel Data Center Migration Center Software software installer DLL\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2018-12160 (GCVE-0-2018-12160)

Vulnerability from cvelistv5 – Published: 2018-09-12 19:00 – Updated: 2024-09-16 19:15

Summary

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access.

Severity ?

No CVSS data available.

CWE

Escalation of Privilege

Assigner

intel

References

URL

Tags

https://www.intel.com/content/www/us/en/security-…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Intel(R) Data Migration Software	Affected: v3.1 and before.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:30:59.023Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Data Migration Software",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "v3.1 and before."
            }
          ]
        }
      ],
      "datePublic": "2018-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-12T18:57:01",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-09-11T00:00:00",
          "ID": "CVE-2018-12160",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) Data Migration Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v3.1 and before."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-12160",
    "datePublished": "2018-09-12T19:00:00Z",
    "dateReserved": "2018-06-11T00:00:00",
    "dateUpdated": "2024-09-16T19:15:39.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-18897

CVE-2018-12160 (GCVE-0-2018-12160)

Tags

Sightings

Nomenclature