cvelistv5 - cve-2018-12158

CVE-2018-12158 (GCVE-0-2018-12158)

Vulnerability from cvelistv5 – Published: 2018-10-10 18:00 – Updated: 2024-09-17 04:10

Summary

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

intel

References

URL

Tags

https://www.intel.com/content/www/us/en/security-…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Intel NUC Firmware Kits	Affected: Before May 24, 2018

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:30:59.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel NUC Firmware Kits",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Before May 24, 2018"
            }
          ]
        }
      ],
      "datePublic": "2018-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T17:57:01",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-10-09T00:00:00",
          "ID": "CVE-2018-12158",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel NUC Firmware Kits",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Before May 24, 2018"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-12158",
    "datePublished": "2018-10-10T18:00:00Z",
    "dateReserved": "2018-06-11T00:00:00",
    "dateUpdated": "2024-09-17T04:10:27.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:next_unit_of_computing_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2018-05-24\", \"matchCriteriaId\": \"4E922643-CB08-49B4-A39C-BC1507136455\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access.\"}, {\"lang\": \"es\", \"value\": \"Validaci\\u00f3n de entradas insuficiente en la utilidad de actualizaci\\u00f3n de la BIOS en los kits Intel NUC FW descargados antes del 24 de mayo del 2018 podr\\u00eda permitir que un usuario privilegiado desencadene una denegaci\\u00f3n de servicio (DoS) o una divulgaci\\u00f3n de informaci\\u00f3n mediante acceso local.\"}]",
      "id": "CVE-2018-12158",
      "lastModified": "2024-11-21T03:44:40.410",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H\", \"baseScore\": 6.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:C\", \"baseScore\": 5.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 7.8, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-10-10T18:29:04.047",
      "references": "[{\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-12158\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2018-10-10T18:29:04.047\",\"lastModified\":\"2024-11-21T03:44:40.410\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access.\"},{\"lang\":\"es\",\"value\":\"Validaci\u00f3n de entradas insuficiente en la utilidad de actualizaci\u00f3n de la BIOS en los kits Intel NUC FW descargados antes del 24 de mayo del 2018 podr\u00eda permitir que un usuario privilegiado desencadene una denegaci\u00f3n de servicio (DoS) o una divulgaci\u00f3n de informaci\u00f3n mediante acceso local.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:C\",\"baseScore\":5.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":7.8,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:next_unit_of_computing_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2018-05-24\",\"matchCriteriaId\":\"4E922643-CB08-49B4-A39C-BC1507136455\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2018-12158

Vulnerability from fkie_nvd - Published: 2018-10-10 18:29 - Updated: 2024-11-21 03:44

Severity ?

6.0 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Summary

References

	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	next_unit_of_computing_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:next_unit_of_computing_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E922643-CB08-49B4-A39C-BC1507136455",
              "versionEndExcluding": "2018-05-24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access."
    },
    {
      "lang": "es",
      "value": "Validaci\u00f3n de entradas insuficiente en la utilidad de actualizaci\u00f3n de la BIOS en los kits Intel NUC FW descargados antes del 24 de mayo del 2018 podr\u00eda permitir que un usuario privilegiado desencadene una denegaci\u00f3n de servicio (DoS) o una divulgaci\u00f3n de informaci\u00f3n mediante acceso local."
    }
  ],
  "id": "CVE-2018-12158",
  "lastModified": "2024-11-21T03:44:40.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 5.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-10T18:29:04.047",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FV8R-R3G2-M956

Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49

Details

Severity ?

6.0 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-12158"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-10T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access.",
  "id": "GHSA-fv8r-r3g2-m956",
  "modified": "2022-05-13T01:49:28Z",
  "published": "2022-05-13T01:49:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12158"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2020-18577

Vulnerability from cnvd - Published: 2020-03-22

Title

Intel NUC FW kits输入验证错误漏洞

Description

Intel NUC FW kits是美国英特尔（Intel）公司的一款迷你型台式机。BIOS update utility是其中的一个BIOS（）更新实用程序。 Intel NUC FW kits存在输入验证错误漏洞。攻击者可利用该漏洞造成拒绝服务或信息泄露。

Severity

中

Patch Name

Intel NUC FW kits输入验证错误漏洞的补丁

Patch Description

Intel NUC FW kits是美国英特尔（Intel）公司的一款迷你型台式机。BIOS update utility是其中的一个BIOS（）更新实用程序。 Intel NUC FW kits存在输入验证错误漏洞。攻击者可利用该漏洞造成拒绝服务或信息泄露。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-12158

Impacted products

Name
Intel NUC FW kits <2018年5月24日

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12158",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12158"
    }
  },
  "description": "Intel NUC FW kits\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8ff7\u4f60\u578b\u53f0\u5f0f\u673a\u3002BIOS update utility\u662f\u5176\u4e2d\u7684\u4e00\u4e2aBIOS\uff08\uff09\u66f4\u65b0\u5b9e\u7528\u7a0b\u5e8f\u3002\n\nIntel NUC FW kits\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u4fe1\u606f\u6cc4\u9732\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-18577",
  "openTime": "2020-03-22",
  "patchDescription": "Intel NUC FW kits\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8ff7\u4f60\u578b\u53f0\u5f0f\u673a\u3002BIOS update utility\u662f\u5176\u4e2d\u7684\u4e00\u4e2aBIOS\uff08\uff09\u66f4\u65b0\u5b9e\u7528\u7a0b\u5e8f\u3002\r\n\r\nIntel NUC FW kits\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel NUC FW kits\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel NUC FW kits \u003c2018\u5e745\u670824\u65e5"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-12158",
  "serverity": "\u4e2d",
  "submitTime": "2018-10-12",
  "title": "Intel NUC FW kits\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CERTFR-2018-AVI-489

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel QuickAssist Technology pour Linux, versions antérieures à 4.2
Intel	N/A	Intel NUC Firmware Kits téléchargé avant le 24 Mai 2018
Intel	N/A	Intel Graphics Drivers versions antérieures à 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) et 20.19.x.5058 (aka 15.40.x.5058)

References

Title

Publication Time

Tags

Bulletin de sécurité Intel INTEL-SA-00166 du 10 octobre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00168 du 10 octobre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-OSS-10005 du 10 octobre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel QuickAssist Technology pour Linux, versions ant\u00e9rieures \u00e0 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Firmware Kits t\u00e9l\u00e9charg\u00e9 avant le 24 Mai 2018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Graphics Drivers versions ant\u00e9rieures \u00e0 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) et 20.19.x.5058 (aka 15.40.x.5058)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-12158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12158"
    },
    {
      "name": "CVE-2018-12193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12193"
    },
    {
      "name": "CVE-2018-12152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12152"
    },
    {
      "name": "CVE-2018-12154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12154"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-489",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-12T00:00:00.000000"
    },
    {
      "description": "Correction coquille.",
      "revision_date": "2023-12-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00166 du 10 octobre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00168 du 10 octobre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-OSS-10005 du 10 octobre 2018",
      "url": "https://01.org/security/advisories/intel-oss-10005"
    }
  ]
}

CERTFR-2018-AVI-489

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel QuickAssist Technology pour Linux, versions antérieures à 4.2
Intel	N/A	Intel NUC Firmware Kits téléchargé avant le 24 Mai 2018
Intel	N/A	Intel Graphics Drivers versions antérieures à 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) et 20.19.x.5058 (aka 15.40.x.5058)

References

Title

Publication Time

Tags

Bulletin de sécurité Intel INTEL-SA-00166 du 10 octobre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00168 du 10 octobre 2018	None	vendor-advisory
Bulletin de sécurité Intel INTEL-OSS-10005 du 10 octobre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel QuickAssist Technology pour Linux, versions ant\u00e9rieures \u00e0 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC Firmware Kits t\u00e9l\u00e9charg\u00e9 avant le 24 Mai 2018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Graphics Drivers versions ant\u00e9rieures \u00e0 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) et 20.19.x.5058 (aka 15.40.x.5058)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-12158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12158"
    },
    {
      "name": "CVE-2018-12193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12193"
    },
    {
      "name": "CVE-2018-12152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12152"
    },
    {
      "name": "CVE-2018-12154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12154"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-489",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-12T00:00:00.000000"
    },
    {
      "description": "Correction coquille.",
      "revision_date": "2023-12-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00166 du 10 octobre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00168 du 10 octobre 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-OSS-10005 du 10 octobre 2018",
      "url": "https://01.org/security/advisories/intel-oss-10005"
    }
  ]
}

GSD-2018-12158

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-12158

Aliases

CVE-2018-12158

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-12158",
    "description": "Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access.",
    "id": "GSD-2018-12158"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-12158"
      ],
      "details": "Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access.",
      "id": "GSD-2018-12158",
      "modified": "2023-12-13T01:22:29.723366Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "DATE_PUBLIC": "2018-10-09T00:00:00",
        "ID": "CVE-2018-12158",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel NUC Firmware Kits",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Before May 24, 2018"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Intel Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html",
            "refsource": "CONFIRM",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:intel:next_unit_of_computing_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2018-05-24",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2018-12158"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 7.8,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-10-10T18:29Z"
    }
  }
}

VAR-201810-0095

Vulnerability from variot - Updated: 2023-12-18 11:17

Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * information leak * any WebGL Code execution. Intel NUC FW kits is a mini desktop computer produced by Intel Corporation. The BIOS update utility is one of the BIOS() update utilities. A local attacker could exploit this vulnerability to cause denial of service or information disclosure

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0095",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "next unit of computing",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "intel",
        "version": "2018-05-24"
      },
      {
        "model": "nuc kits",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "2018 year 5 moon 24 before the japanese version"
      },
      {
        "model": "quickassist technology",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "for linux version 4.2"
      },
      {
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "10.18.x.5056 (aka 15.33.x.5056)"
      },
      {
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "10.18.x.5057 (aka 15.36.x.5057)"
      },
      {
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "20.19.x.5058 (aka 15.40.x.5058)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12158"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:intel:next_unit_of_computing_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2018-05-24",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12158"
      }
    ]
  },
  "cve": "CVE-2018-12158",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 7.8,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-122089",
            "impactScore": 7.8,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.2,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-12158",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-534",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-122089",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122089"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-534"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * information leak * any WebGL Code execution. Intel NUC FW kits is a mini desktop computer produced by Intel Corporation. The BIOS update utility is one of the BIOS() update utilities. A local attacker could exploit this vulnerability to cause denial of service or information disclosure",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122089"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-12158",
        "trust": 2.5
      },
      {
        "db": "JVN",
        "id": "JVNVU99973215",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-534",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-18577",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-122089",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122089"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-534"
      }
    ]
  },
  "id": "VAR-201810-0095",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122089"
      }
    ],
    "trust": 0.725
  },
  "last_update_date": "2023-12-18T11:17:55.100000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-OSS-10005 - Intel QuickAssist Technology for Linux Advisory",
        "trust": 0.8,
        "url": "https://01.org/security/advisories/intel-oss-10005"
      },
      {
        "title": "INTEL-SA-00166 - Intel Graphics Driver Unified Shader Compiler Advisory",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
      },
      {
        "title": "INTEL-SA-00168 - Intel NUC Bios Updater Advisory",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
      },
      {
        "title": "Intel NUC FW kits Enter the fix for the verification vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85665"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-534"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122089"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12158"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12152"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12158"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12153"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12154"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12193"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99973215/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12158"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12193"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12152"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12153"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12154"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122089"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-534"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-122089"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-534"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122089"
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "date": "2018-10-10T18:29:04.047000",
        "db": "NVD",
        "id": "CVE-2018-12158"
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-534"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122089"
      },
      {
        "date": "2019-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2018-12158"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-534"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-534"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel Multiple vulnerabilities in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-534"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-12158 (GCVE-0-2018-12158)

FKIE_CVE-2018-12158

GHSA-FV8R-R3G2-M956

CNVD-2020-18577

CERTFR-2018-AVI-489

Solution

CERTFR-2018-AVI-489

Solution

GSD-2018-12158

VAR-201810-0095

Tags

Sightings

Nomenclature