Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-3659 (GCVE-0-2018-3659)
Vulnerability from cvelistv5 – Published: 2018-09-12 19:00 – Updated: 2024-09-17 02:20
VLAI?
EPSS
Summary
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Intel(R) Platform Trust Technology (PTT) |
Affected:
Before version 12.0.5.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180924-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel(R) Platform Trust Technology (PTT)",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "Before version 12.0.5."
}
]
}
],
"datePublic": "2018-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-25T09:57:01",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180924-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-3659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) Platform Trust Technology (PTT)",
"version": {
"version_data": [
{
"version_value": "Before version 12.0.5."
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180924-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180924-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-3659",
"datePublished": "2018-09-12T19:00:00Z",
"dateReserved": "2017-12-28T00:00:00",
"dateUpdated": "2024-09-17T02:20:51.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.0.5\", \"matchCriteriaId\": \"AA360B3E-90A5-4F3A-A89B-A41BDFEBD4ED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.0\", \"matchCriteriaId\": \"D002CA65-494F-432A-A653-F6F502F6D6C6\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el m\\u00f3dulo Intel PTT en el firmware Intel CSME en versiones anteriores a la 12.0.5 y el firmware Intel TXE en versiones anteriores a la 4.0 podr\\u00eda permitir que un usuario no autenticado divulgue informaci\\u00f3n mediante acceso f\\u00edsico.\"}]",
"id": "CVE-2018-3659",
"lastModified": "2024-11-21T04:05:51.160",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-09-12T19:29:03.107",
"references": "[{\"url\": \"https://security.netapp.com/advisory/ntap-20180924-0003/\", \"source\": \"secure@intel.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180924-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-3659\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2018-09-12T19:29:03.107\",\"lastModified\":\"2024-11-21T04:05:51.160\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el m\u00f3dulo Intel PTT en el firmware Intel CSME en versiones anteriores a la 12.0.5 y el firmware Intel TXE en versiones anteriores a la 4.0 podr\u00eda permitir que un usuario no autenticado divulgue informaci\u00f3n mediante acceso f\u00edsico.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.0.5\",\"matchCriteriaId\":\"AA360B3E-90A5-4F3A-A89B-A41BDFEBD4ED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.0\",\"matchCriteriaId\":\"D002CA65-494F-432A-A653-F6F502F6D6C6\"}]}]}],\"references\":[{\"url\":\"https://security.netapp.com/advisory/ntap-20180924-0003/\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180924-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2018-AVI-432
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel Server Board S2600WT (Grantley) | ||
| Intel | N/A | Intel Server Board S2600TP (Grantley) | ||
| Intel | N/A | Intel Server Board S2600BP (Purley) | ||
| Intel | N/A | Intel Server Board S2600WF | ||
| Intel | N/A | Intel Server Board S2600ST | ||
| Intel | N/A | Intel Extreme Tuning Utility versions antérieures à 6.4.1.23. | ||
| Intel | N/A | Intel Driver & Support Assistant versions antérieures à 3.5.0.1 | ||
| Intel | N/A | Intel Computing Improvement Program versions antérieures à 2.2.0.03942 | ||
| Intel | N/A | Intel Data Migration Software versions 3.1 et antérieures | ||
| Intel | N/A | Intel OpenVINO Toolkit pour Windows versions 2018.1.265 et antérieures | ||
| Intel | N/A | Intel IoT Developers Kit versions 4.0 et antérieures | ||
| Intel | N/A | Intel NUC Kit NUC7CJYH | ||
| Intel | N/A | Intel NUC Kit NUC8i7HNK | ||
| Intel | N/A | Intel Compute Card CD1M3128MK | ||
| Intel | N/A | Intel Compute Card CD1IV128MK | ||
| Intel | N/A | Intel Compute Card CD1P64GK | ||
| Intel | N/A | Intel NUC Kit NUC7i7DNKE | ||
| Intel | N/A | Intel NUC Kit NUC7i5DNKE | ||
| Intel | N/A | Intel NUC Kit NUC7i3DNHE | ||
| Intel | N/A | Intel NUC Kit NUC7i7BNH | ||
| Intel | N/A | Intel NUC Kit NUC6CAYS | ||
| Intel | N/A | Intel NUC Kit DE3815TYBE | ||
| Intel | N/A | Intel NUC Kit NUC6i5SYH | ||
| Intel | N/A | Intel NUC Kit NUC6i7KYK | ||
| Intel | N/A | Intel NUC Kit NUC5PGYH | ||
| Intel | N/A | Intel NUC Kit NUC5CPYH | ||
| Intel | N/A | Intel NUC Kit NUC5i7RYH | ||
| Intel | N/A | Intel NUC Kit NUC5i5MYHE | ||
| Intel | N/A | Intel NUC Kit NUC5i3MYHE | ||
| Intel | N/A | Intel NUC Kit DN2820FYKH | ||
| Intel | N/A | Intel NUC Kit D54250WYB | ||
| Intel | N/A | Intel NUC Kit D53427RKE | ||
| Intel | N/A | Intel NUC Kit D33217GKE | ||
| Intel | N/A | Intel Compute Stick STK2mv64CC | ||
| Intel | N/A | Intel Compute Stick STK2m3W64CC | ||
| Intel | N/A | Intel Compute Stick STK1AW32SC | ||
| Intel | N/A | Intel Compute Stick STCK1A32WFC | ||
| Intel | N/A | Intel Centrino Wireless-N 135 | ||
| Intel | N/A | Intel Centrino Wireless-N 2230 | ||
| Intel | N/A | Intel Centrino Advanced-N 6235 | ||
| Intel | N/A | Intel Centrino Wireless-N 130 | ||
| Intel | N/A | Intel Centrino Wireless-N 1030 | ||
| Intel | N/A | Intel Centrino Advanced-N 6230 | ||
| Intel | N/A | Intel Distribution pour Python 2018 téléchargé avant le 6 août 2018 | ||
| Intel | N/A | Processeur Intel Atom C3000 Series Platform avec un microgiciel antérieure à 4.00.04.177.0 | ||
| Intel | N/A | Processeur Intel Xeon D-2100 Family Platform avec un microgiciel antérieure à 4.00.04.077.0 | ||
| Intel | N/A | Processeur Intel Xeon Scalable Family Platforms avec un microgiciel antérieure à 4.00.04.381.0 | ||
| Intel | N/A | Processeur Intel C620 Series Chipset Family (PCIe End Point Mode) avec un microgiciel antérieure à 4.00.04.381.0 | ||
| Intel | N/A | Processeur Intel QuickAssist Adapter 8960/8970 Products avec un microgiciel antérieure à 4.x.05 | ||
| Intel | N/A | Processeur de la famille Intel Core de 6ème génération avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Processeur de la famille Intel Core de 7ème génération avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Processeur de la famille Intel Core de 8ème génération avec un microgiciel (CSME) antérieure à 12.0.6 | ||
| Intel | N/A | Processeur Intel Xeon E3-1200/1500 v5 avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Processeur Intel Xeon E3-1200/1500 v6 avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Processeur Intel Xeon W avec un microgiciel (CSME) antérieure à 11.11.55 | ||
| Intel | N/A | Processeur Intel Core X-Series avec un microgiciel (CSME) antérieure à 11.11.55 | ||
| Intel | N/A | Processeur Intel Xeon Scalable avec un microgiciel (CSME) antérieure à 11.21.55 | ||
| Intel | N/A | Intel CSME versions antérieures à 11.8.55 | ||
| Intel | N/A | Intel CSME versions antérieures à 11.11.55 | ||
| Intel | N/A | Intel CSME versions antérieures à 11.21.55 | ||
| Intel | N/A | Intel CSME versions antérieures à 12.0.6 | ||
| Intel | N/A | Intel ME versions antérieures à 10.0.60 | ||
| Intel | N/A | Intel ME versions antérieures à 9.5.65 | ||
| Intel | N/A | Intel ME versions antérieures à 9.1.45 | ||
| Intel | N/A | Intel Trusted Execution Engine (TXE) versions antérieures à 3.1.55 | ||
| Intel | N/A | Intel Trusted Execution Engine (TXE) versions antérieures à 4.0.5 | ||
| Intel | N/A | Intel Data Center manager versions antérieures à 5.1 | ||
| Intel | N/A | Outil de détection pour la vulnérabilité Intel-SA-00086 en version antérieure à 1.2.7.0 | ||
| Intel | N/A | Intel Server Platform Service microgiciel antérieures à SPS_SoC-A_04.00.04.177.0 | ||
| Intel | N/A | Intel Server Platform Service microgiciel antérieures à SPS_SoC-X_04.00.04.077.0 | ||
| Intel | N/A | Intel Server Platform Service microgiciel antérieures à SPS_E5_04.00.04.381.0 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel Server Board S2600WT (Grantley)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600TP (Grantley)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600BP (Purley)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600WF",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600ST",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Extreme Tuning Utility versions ant\u00e9rieures \u00e0 6.4.1.23.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Driver \u0026 Support Assistant versions ant\u00e9rieures \u00e0 3.5.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Computing Improvement Program versions ant\u00e9rieures \u00e0 2.2.0.03942",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Data Migration Software versions 3.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel OpenVINO Toolkit pour Windows versions 2018.1.265 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel IoT Developers Kit versions 4.0 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7CJYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC8i7HNK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Card CD1M3128MK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Card CD1IV128MK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Card CD1P64GK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i7DNKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i5DNKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i3DNHE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i7BNH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC6CAYS",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit DE3815TYBE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC6i5SYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC6i7KYK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5PGYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5CPYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5i7RYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5i5MYHE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5i3MYHE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit DN2820FYKH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit D54250WYB",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit D53427RKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit D33217GKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STK2mv64CC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STK2m3W64CC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STK1AW32SC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STCK1A32WFC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 135",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 2230",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Advanced-N 6235",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 130",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 1030",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Advanced-N 6230",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Distribution pour Python 2018 t\u00e9l\u00e9charg\u00e9 avant le 6 ao\u00fbt 2018",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Atom C3000 Series Platform avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.177.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon D-2100 Family Platform avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.077.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon Scalable Family Platforms avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel C620 Series Chipset Family (PCIe End Point Mode) avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel QuickAssist Adapter 8960/8970 Products avec un microgiciel ant\u00e9rieure \u00e0 4.x.05",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur de la famille Intel Core de 6\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur de la famille Intel Core de 7\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur de la famille Intel Core de 8\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 12.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon E3-1200/1500 v5 avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon E3-1200/1500 v6 avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon W avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Core X-Series avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon Scalable avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.21.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.21.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 12.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ME versions ant\u00e9rieures \u00e0 10.0.60",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ME versions ant\u00e9rieures \u00e0 9.5.65",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ME versions ant\u00e9rieures \u00e0 9.1.45",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Trusted Execution Engine (TXE) versions ant\u00e9rieures \u00e0 3.1.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Trusted Execution Engine (TXE) versions ant\u00e9rieures \u00e0 4.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Data Center manager versions ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Outil de d\u00e9tection pour la vuln\u00e9rabilit\u00e9 Intel-SA-00086 en version ant\u00e9rieure \u00e0 1.2.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_SoC-A_04.00.04.177.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_SoC-X_04.00.04.077.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_E5_04.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-12162",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12162"
},
{
"name": "CVE-2018-3655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3655"
},
{
"name": "CVE-2018-12160",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12160"
},
{
"name": "CVE-2018-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3657"
},
{
"name": "CVE-2018-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3669"
},
{
"name": "CVE-2018-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12151"
},
{
"name": "CVE-2018-12148",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12148"
},
{
"name": "CVE-2018-12149",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12149"
},
{
"name": "CVE-2018-12176",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12176"
},
{
"name": "CVE-2018-3659",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3659"
},
{
"name": "CVE-2018-12171",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12171"
},
{
"name": "CVE-2018-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3658"
},
{
"name": "CVE-2018-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3643"
},
{
"name": "CVE-2018-12175",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12175"
},
{
"name": "CVE-2018-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3616"
},
{
"name": "CVE-2017-15361",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15361"
},
{
"name": "CVE-2018-12150",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12150"
},
{
"name": "CVE-2018-12163",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12163"
},
{
"name": "CVE-2018-3686",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3686"
},
{
"name": "CVE-2018-3679",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3679"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-432",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00119 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00119.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00125 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00162 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00181 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00149 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00149.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00148 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00141 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00173 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00173.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00177 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00177.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00165 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00170 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00172 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00142 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00176 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00143 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00143.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00131 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html"
}
]
}
CERTFR-2018-AVI-432
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel Server Board S2600WT (Grantley) | ||
| Intel | N/A | Intel Server Board S2600TP (Grantley) | ||
| Intel | N/A | Intel Server Board S2600BP (Purley) | ||
| Intel | N/A | Intel Server Board S2600WF | ||
| Intel | N/A | Intel Server Board S2600ST | ||
| Intel | N/A | Intel Extreme Tuning Utility versions antérieures à 6.4.1.23. | ||
| Intel | N/A | Intel Driver & Support Assistant versions antérieures à 3.5.0.1 | ||
| Intel | N/A | Intel Computing Improvement Program versions antérieures à 2.2.0.03942 | ||
| Intel | N/A | Intel Data Migration Software versions 3.1 et antérieures | ||
| Intel | N/A | Intel OpenVINO Toolkit pour Windows versions 2018.1.265 et antérieures | ||
| Intel | N/A | Intel IoT Developers Kit versions 4.0 et antérieures | ||
| Intel | N/A | Intel NUC Kit NUC7CJYH | ||
| Intel | N/A | Intel NUC Kit NUC8i7HNK | ||
| Intel | N/A | Intel Compute Card CD1M3128MK | ||
| Intel | N/A | Intel Compute Card CD1IV128MK | ||
| Intel | N/A | Intel Compute Card CD1P64GK | ||
| Intel | N/A | Intel NUC Kit NUC7i7DNKE | ||
| Intel | N/A | Intel NUC Kit NUC7i5DNKE | ||
| Intel | N/A | Intel NUC Kit NUC7i3DNHE | ||
| Intel | N/A | Intel NUC Kit NUC7i7BNH | ||
| Intel | N/A | Intel NUC Kit NUC6CAYS | ||
| Intel | N/A | Intel NUC Kit DE3815TYBE | ||
| Intel | N/A | Intel NUC Kit NUC6i5SYH | ||
| Intel | N/A | Intel NUC Kit NUC6i7KYK | ||
| Intel | N/A | Intel NUC Kit NUC5PGYH | ||
| Intel | N/A | Intel NUC Kit NUC5CPYH | ||
| Intel | N/A | Intel NUC Kit NUC5i7RYH | ||
| Intel | N/A | Intel NUC Kit NUC5i5MYHE | ||
| Intel | N/A | Intel NUC Kit NUC5i3MYHE | ||
| Intel | N/A | Intel NUC Kit DN2820FYKH | ||
| Intel | N/A | Intel NUC Kit D54250WYB | ||
| Intel | N/A | Intel NUC Kit D53427RKE | ||
| Intel | N/A | Intel NUC Kit D33217GKE | ||
| Intel | N/A | Intel Compute Stick STK2mv64CC | ||
| Intel | N/A | Intel Compute Stick STK2m3W64CC | ||
| Intel | N/A | Intel Compute Stick STK1AW32SC | ||
| Intel | N/A | Intel Compute Stick STCK1A32WFC | ||
| Intel | N/A | Intel Centrino Wireless-N 135 | ||
| Intel | N/A | Intel Centrino Wireless-N 2230 | ||
| Intel | N/A | Intel Centrino Advanced-N 6235 | ||
| Intel | N/A | Intel Centrino Wireless-N 130 | ||
| Intel | N/A | Intel Centrino Wireless-N 1030 | ||
| Intel | N/A | Intel Centrino Advanced-N 6230 | ||
| Intel | N/A | Intel Distribution pour Python 2018 téléchargé avant le 6 août 2018 | ||
| Intel | N/A | Processeur Intel Atom C3000 Series Platform avec un microgiciel antérieure à 4.00.04.177.0 | ||
| Intel | N/A | Processeur Intel Xeon D-2100 Family Platform avec un microgiciel antérieure à 4.00.04.077.0 | ||
| Intel | N/A | Processeur Intel Xeon Scalable Family Platforms avec un microgiciel antérieure à 4.00.04.381.0 | ||
| Intel | N/A | Processeur Intel C620 Series Chipset Family (PCIe End Point Mode) avec un microgiciel antérieure à 4.00.04.381.0 | ||
| Intel | N/A | Processeur Intel QuickAssist Adapter 8960/8970 Products avec un microgiciel antérieure à 4.x.05 | ||
| Intel | N/A | Processeur de la famille Intel Core de 6ème génération avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Processeur de la famille Intel Core de 7ème génération avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Processeur de la famille Intel Core de 8ème génération avec un microgiciel (CSME) antérieure à 12.0.6 | ||
| Intel | N/A | Processeur Intel Xeon E3-1200/1500 v5 avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Processeur Intel Xeon E3-1200/1500 v6 avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Processeur Intel Xeon W avec un microgiciel (CSME) antérieure à 11.11.55 | ||
| Intel | N/A | Processeur Intel Core X-Series avec un microgiciel (CSME) antérieure à 11.11.55 | ||
| Intel | N/A | Processeur Intel Xeon Scalable avec un microgiciel (CSME) antérieure à 11.21.55 | ||
| Intel | N/A | Intel CSME versions antérieures à 11.8.55 | ||
| Intel | N/A | Intel CSME versions antérieures à 11.11.55 | ||
| Intel | N/A | Intel CSME versions antérieures à 11.21.55 | ||
| Intel | N/A | Intel CSME versions antérieures à 12.0.6 | ||
| Intel | N/A | Intel ME versions antérieures à 10.0.60 | ||
| Intel | N/A | Intel ME versions antérieures à 9.5.65 | ||
| Intel | N/A | Intel ME versions antérieures à 9.1.45 | ||
| Intel | N/A | Intel Trusted Execution Engine (TXE) versions antérieures à 3.1.55 | ||
| Intel | N/A | Intel Trusted Execution Engine (TXE) versions antérieures à 4.0.5 | ||
| Intel | N/A | Intel Data Center manager versions antérieures à 5.1 | ||
| Intel | N/A | Outil de détection pour la vulnérabilité Intel-SA-00086 en version antérieure à 1.2.7.0 | ||
| Intel | N/A | Intel Server Platform Service microgiciel antérieures à SPS_SoC-A_04.00.04.177.0 | ||
| Intel | N/A | Intel Server Platform Service microgiciel antérieures à SPS_SoC-X_04.00.04.077.0 | ||
| Intel | N/A | Intel Server Platform Service microgiciel antérieures à SPS_E5_04.00.04.381.0 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel Server Board S2600WT (Grantley)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600TP (Grantley)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600BP (Purley)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600WF",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600ST",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Extreme Tuning Utility versions ant\u00e9rieures \u00e0 6.4.1.23.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Driver \u0026 Support Assistant versions ant\u00e9rieures \u00e0 3.5.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Computing Improvement Program versions ant\u00e9rieures \u00e0 2.2.0.03942",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Data Migration Software versions 3.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel OpenVINO Toolkit pour Windows versions 2018.1.265 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel IoT Developers Kit versions 4.0 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7CJYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC8i7HNK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Card CD1M3128MK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Card CD1IV128MK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Card CD1P64GK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i7DNKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i5DNKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i3DNHE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i7BNH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC6CAYS",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit DE3815TYBE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC6i5SYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC6i7KYK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5PGYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5CPYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5i7RYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5i5MYHE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5i3MYHE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit DN2820FYKH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit D54250WYB",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit D53427RKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit D33217GKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STK2mv64CC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STK2m3W64CC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STK1AW32SC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STCK1A32WFC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 135",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 2230",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Advanced-N 6235",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 130",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 1030",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Advanced-N 6230",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Distribution pour Python 2018 t\u00e9l\u00e9charg\u00e9 avant le 6 ao\u00fbt 2018",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Atom C3000 Series Platform avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.177.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon D-2100 Family Platform avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.077.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon Scalable Family Platforms avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel C620 Series Chipset Family (PCIe End Point Mode) avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel QuickAssist Adapter 8960/8970 Products avec un microgiciel ant\u00e9rieure \u00e0 4.x.05",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur de la famille Intel Core de 6\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur de la famille Intel Core de 7\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur de la famille Intel Core de 8\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 12.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon E3-1200/1500 v5 avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon E3-1200/1500 v6 avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon W avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Core X-Series avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon Scalable avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.21.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.21.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 12.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ME versions ant\u00e9rieures \u00e0 10.0.60",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ME versions ant\u00e9rieures \u00e0 9.5.65",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ME versions ant\u00e9rieures \u00e0 9.1.45",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Trusted Execution Engine (TXE) versions ant\u00e9rieures \u00e0 3.1.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Trusted Execution Engine (TXE) versions ant\u00e9rieures \u00e0 4.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Data Center manager versions ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Outil de d\u00e9tection pour la vuln\u00e9rabilit\u00e9 Intel-SA-00086 en version ant\u00e9rieure \u00e0 1.2.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_SoC-A_04.00.04.177.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_SoC-X_04.00.04.077.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_E5_04.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-12162",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12162"
},
{
"name": "CVE-2018-3655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3655"
},
{
"name": "CVE-2018-12160",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12160"
},
{
"name": "CVE-2018-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3657"
},
{
"name": "CVE-2018-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3669"
},
{
"name": "CVE-2018-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12151"
},
{
"name": "CVE-2018-12148",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12148"
},
{
"name": "CVE-2018-12149",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12149"
},
{
"name": "CVE-2018-12176",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12176"
},
{
"name": "CVE-2018-3659",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3659"
},
{
"name": "CVE-2018-12171",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12171"
},
{
"name": "CVE-2018-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3658"
},
{
"name": "CVE-2018-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3643"
},
{
"name": "CVE-2018-12175",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12175"
},
{
"name": "CVE-2018-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3616"
},
{
"name": "CVE-2017-15361",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15361"
},
{
"name": "CVE-2018-12150",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12150"
},
{
"name": "CVE-2018-12163",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12163"
},
{
"name": "CVE-2018-3686",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3686"
},
{
"name": "CVE-2018-3679",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3679"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-432",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00119 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00119.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00125 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00162 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00181 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00149 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00149.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00148 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00141 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00173 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00173.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00177 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00177.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00165 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00170 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00172 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00142 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00176 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00143 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00143.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00131 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html"
}
]
}
GSD-2018-3659
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-3659",
"description": "A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.",
"id": "GSD-2018-3659"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-3659"
],
"details": "A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.",
"id": "GSD-2018-3659",
"modified": "2023-12-13T01:22:43.320892Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-3659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) Platform Trust Technology (PTT)",
"version": {
"version_data": [
{
"version_value": "Before version 12.0.5."
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180924-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180924-0003/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-3659"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180924-0003/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180924-0003/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2018-09-12T19:29Z"
}
}
}
VAR-201809-1076
Vulnerability from variot - Updated: 2023-12-18 13:13A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access. Both Intel CSME and Intel TXE are products of Intel Corporation of the United States. Intel CSME is a converged security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel PTT module is one of the trusted platform modules. An attacker in physical proximity could exploit this vulnerability to disclose information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1076",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "12.0.5"
},
{
"model": "trusted execution engine",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "4.0"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "trusted execution engine",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010879"
},
{
"db": "NVD",
"id": "CVE-2018-3659"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-603"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3659"
}
]
},
"cve": "CVE-2018-3659",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-3659",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-133690",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-3659",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-3659",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-603",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-133690",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133690"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010879"
},
{
"db": "NVD",
"id": "CVE-2018-3659"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-603"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access. Both Intel CSME and Intel TXE are products of Intel Corporation of the United States. Intel CSME is a converged security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel PTT module is one of the trusted platform modules. An attacker in physical proximity could exploit this vulnerability to disclose information",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3659"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010879"
},
{
"db": "VULHUB",
"id": "VHN-133690"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3659",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010879",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-603",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-133690",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133690"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010879"
},
{
"db": "NVD",
"id": "CVE-2018-3659"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-603"
}
]
},
"id": "VAR-201809-1076",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-133690"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:13:40.277000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00142",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
},
{
"title": "Intel CSME and Intel TXE PTT Repair measures for module security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84862"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010879"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-603"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133690"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010879"
},
{
"db": "NVD",
"id": "CVE-2018-3659"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180924-0003/"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3659"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3659"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133690"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010879"
},
{
"db": "NVD",
"id": "CVE-2018-3659"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-603"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-133690"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010879"
},
{
"db": "NVD",
"id": "CVE-2018-3659"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-603"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-133690"
},
{
"date": "2018-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010879"
},
{
"date": "2018-09-12T19:29:03.107000",
"db": "NVD",
"id": "CVE-2018-3659"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-603"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-133690"
},
{
"date": "2018-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010879"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-3659"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-603"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-603"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel CSME firmware and TXE Firmware vulnerabilities related to authorization, authority, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010879"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-603"
}
],
"trust": 0.6
}
}
FKIE_CVE-2018-3659
Vulnerability from fkie_nvd - Published: 2018-09-12 19:29 - Updated: 2024-11-21 04:05
Severity ?
Summary
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.
References
| URL | Tags | ||
|---|---|---|---|
| secure@intel.com | https://security.netapp.com/advisory/ntap-20180924-0003/ | Third Party Advisory | |
| secure@intel.com | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20180924-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | converged_security_management_engine_firmware | * | |
| intel | trusted_execution_engine_firmware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA360B3E-90A5-4F3A-A89B-A41BDFEBD4ED",
"versionEndExcluding": "12.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D002CA65-494F-432A-A653-F6F502F6D6C6",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el m\u00f3dulo Intel PTT en el firmware Intel CSME en versiones anteriores a la 12.0.5 y el firmware Intel TXE en versiones anteriores a la 4.0 podr\u00eda permitir que un usuario no autenticado divulgue informaci\u00f3n mediante acceso f\u00edsico."
}
],
"id": "CVE-2018-3659",
"lastModified": "2024-11-21T04:05:51.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-12T19:29:03.107",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180924-0003/"
},
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180924-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2020-16623
Vulnerability from cnvd - Published: 2020-03-10
VLAI Severity ?
Title
Intel CSME和Intel TXE PTT模块权限许可和访问控制问题漏洞
Description
Intel CSME和Intel TXE都是美国英特尔(Intel)公司的产品。Intel CSME是一款融合安全管理引擎。Intel TXE是一款使用在CPU(中央处理器)中具有硬件验证功能的信任执行引擎。Intel PTT module是其中的一个可信平台模块。
Intel CSME和Intel TXE PTT模块存在权限许可和访问控制问题漏洞。攻击者可利用该漏洞泄露信息。
Severity
中
Patch Name
Intel CSME和Intel TXE PTT模块权限许可和访问控制问题漏洞的补丁
Patch Description
Intel CSME和Intel TXE都是美国英特尔(Intel)公司的产品。Intel CSME是一款融合安全管理引擎。Intel TXE是一款使用在CPU(中央处理器)中具有硬件验证功能的信任执行引擎。Intel PTT module是其中的一个可信平台模块。
Intel CSME和Intel TXE PTT模块存在权限许可和访问控制问题漏洞。攻击者可利用该漏洞泄露信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-3659
Impacted products
| Name | ['Intel CSME <12.0.5', 'Intel TXE <4.0'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-3659"
}
},
"description": "Intel CSME\u548cIntel TXE\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel CSME\u662f\u4e00\u6b3e\u878d\u5408\u5b89\u5168\u7ba1\u7406\u5f15\u64ce\u3002Intel TXE\u662f\u4e00\u6b3e\u4f7f\u7528\u5728CPU\uff08\u4e2d\u592e\u5904\u7406\u5668\uff09\u4e2d\u5177\u6709\u786c\u4ef6\u9a8c\u8bc1\u529f\u80fd\u7684\u4fe1\u4efb\u6267\u884c\u5f15\u64ce\u3002Intel PTT module\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u53ef\u4fe1\u5e73\u53f0\u6a21\u5757\u3002\n\nIntel CSME\u548cIntel TXE PTT\u6a21\u5757\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-16623",
"openTime": "2020-03-10",
"patchDescription": "Intel CSME\u548cIntel TXE\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel CSME\u662f\u4e00\u6b3e\u878d\u5408\u5b89\u5168\u7ba1\u7406\u5f15\u64ce\u3002Intel TXE\u662f\u4e00\u6b3e\u4f7f\u7528\u5728CPU\uff08\u4e2d\u592e\u5904\u7406\u5668\uff09\u4e2d\u5177\u6709\u786c\u4ef6\u9a8c\u8bc1\u529f\u80fd\u7684\u4fe1\u4efb\u6267\u884c\u5f15\u64ce\u3002Intel PTT module\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u53ef\u4fe1\u5e73\u53f0\u6a21\u5757\u3002\r\n\r\nIntel CSME\u548cIntel TXE PTT\u6a21\u5757\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Intel CSME\u548cIntel TXE PTT\u6a21\u5757\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Intel CSME \u003c12.0.5",
"Intel TXE \u003c4.0"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-3659",
"serverity": "\u4e2d",
"submitTime": "2018-09-16",
"title": "Intel CSME\u548cIntel TXE PTT\u6a21\u5757\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}
GHSA-HRPF-W86J-42RG
Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52
VLAI?
Details
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.
Severity ?
6.8 (Medium)
{
"affected": [],
"aliases": [
"CVE-2018-3659"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-12T19:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.",
"id": "GHSA-hrpf-w86j-42rg",
"modified": "2022-05-13T01:52:33Z",
"published": "2022-05-13T01:52:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3659"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180924-0003"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…