cnvd - cnvd-2020-18567

CNVD-2020-18567

Vulnerability from cnvd - Published: 2020-03-22

Title

Intel 8th Generation Intel Core Processor和7th Generation Intel Core Processor权限许可和访问控制问题漏洞

Description

8th Generation Intel Core Processor和7th Generation Intel Core Processor都是美国英特尔（Intel）公司的产品。8th Generation Intel Core Processor是一款第八代Core系列中央处理器（CPU）。7th Generation Intel Core Processor是一款第七代Core系列中央处理器（CPU）。 Intel 8th Generation Intel Core Processor和7th Generation Intel Core Processor存在权限许可和访问控制问题漏洞。攻击者可利用该漏洞提升权限。

Severity

高

Patch Name

Intel 8th Generation Intel Core Processor和7th Generation Intel Core Processor权限许可和访问控制问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-12202

Impacted products

Name
['Intel 8th Generation Intel Core Processor', 'Intel 7th Generation Intel Core Processor']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12202",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12202"
    }
  },
  "description": "8th Generation Intel Core Processor\u548c7th Generation Intel Core Processor\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u30028th Generation Intel Core Processor\u662f\u4e00\u6b3e\u7b2c\u516b\u4ee3Core\u7cfb\u5217\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u30027th Generation Intel Core Processor\u662f\u4e00\u6b3e\u7b2c\u4e03\u4ee3Core\u7cfb\u5217\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u3002\n\nIntel 8th Generation Intel Core Processor\u548c7th Generation Intel Core Processor\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-18567",
  "openTime": "2020-03-22",
  "patchDescription": "8th Generation Intel Core Processor\u548c7th Generation Intel Core Processor\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u30028th Generation Intel Core Processor\u662f\u4e00\u6b3e\u7b2c\u516b\u4ee3Core\u7cfb\u5217\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u30027th Generation Intel Core Processor\u662f\u4e00\u6b3e\u7b2c\u4e03\u4ee3Core\u7cfb\u5217\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u3002\r\n\r\nIntel 8th Generation Intel Core Processor\u548c7th Generation Intel Core Processor\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel 8th Generation Intel Core Processor\u548c7th Generation Intel Core Processor\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Intel 8th Generation Intel Core Processor",
      "Intel 7th Generation Intel Core Processor"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-12202",
  "serverity": "\u9ad8",
  "submitTime": "2019-03-18",
  "title": "Intel 8th Generation Intel Core Processor\u548c7th Generation Intel Core Processor\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2018-12202 (GCVE-0-2018-12202)

Vulnerability from cvelistv5 – Published: 2019-03-14 20:00 – Updated: 2024-09-17 04:25

Summary

Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access.

Severity ?

No CVSS data available.

CWE

Escalation of privilege

Assigner

intel

References

URL

Tags

	https://www.intel.com/content/www/us/en/security-…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2019031…	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Intel Platform Sample / Silicon Reference firmware	Affected: Multiple versions.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:30:59.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190318-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel Platform Sample / Silicon Reference firmware",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple versions."
            }
          ]
        }
      ],
      "datePublic": "2019-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-03T21:06:09",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190318-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2019-03-12T00:00:00",
          "ID": "CVE-2018-12202",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel Platform Sample / Silicon Reference firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple versions."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190318-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190318-0002/"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03912en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-12202",
    "datePublished": "2019-03-14T20:00:00Z",
    "dateReserved": "2018-06-11T00:00:00",
    "dateUpdated": "2024-09-17T04:25:02.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-18567

CVE-2018-12202 (GCVE-0-2018-12202)

Tags

Sightings

Nomenclature