VAR-201809-1103
Vulnerability from variot - Updated: 2023-12-18 13:56

A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) versions before 11.8.55, 11.11.55, 11.21.55, or 12.0.6, or Intel(R) Server Platform Services firmware before version 4.x.04, may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code. Intel Atom Processor C3000 Series Platform and other products are processor products of Intel Corporation of the United States. The Intel Power Management Controller is one of the power management controllers.
A security vulnerability exists in the Intel Power Management Controller. A local attacker could exploit this vulnerability to escalate privileges or disclose information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1103",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "server platform services",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "4.00.04"
},
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.6"
},
{
"model": "converged security management engine",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server platform services",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "converged security and management engine",
"scope": "lt",
"trust": 0.6,
"vendor": "intel",
"version": "11.8.55"
},
{
"model": "converged security and management engine",
"scope": "lt",
"trust": 0.6,
"vendor": "intel",
"version": "11.11.55"
},
{
"model": "converged security and management engine",
"scope": "lt",
"trust": 0.6,
"vendor": "intel",
"version": "11.21.55"
},
{
"model": "converged security and management engine",
"scope": "lt",
"trust": 0.6,
"vendor": "intel",
"version": "12.0.6"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "4.x.04"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "12.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "converged security management engine",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "server platform services",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "NVD",
"id": "CVE-2018-3643"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:server_platform_services_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.00.04",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.0.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3643"
}
]
},
"cve": "CVE-2018-3643",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-3643",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-41628",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-133674",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-3643",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-3643",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-41628",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-607",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-133674",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "VULHUB",
"id": "VHN-133674"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "NVD",
"id": "CVE-2018-3643"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code. Intel Atom Processor C3000 Series Platform and other products are processor products of Intel Corporation of the United States. The Intel Power Management Controller is one of the power management controllers. \n\nA security vulnerability exists in the Intel Power Management Controller. A local attacker could exploit this vulnerability to escalate permissions or reveal information",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3643"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "VULHUB",
"id": "VHN-133674"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3643",
"trust": 3.3
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-41628",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983",
"trust": 0.8
},
{
"db": "IVD",
"id": "F691CF6E-9D50-48B4-8B54-12F77051A648",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-133674",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "VULHUB",
"id": "VHN-133674"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "NVD",
"id": "CVE-2018-3643"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
]
},
"id": "VAR-201809-1103",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "VULHUB",
"id": "VHN-133674"
}
],
"trust": 1.5666666999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
}
]
},
"last_update_date": "2023-12-18T13:56:55.122000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00131",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html"
},
{
"title": "Patch for Unknown vulnerabilities in Intel Power Management Controller",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/191341"
},
{
"title": "Intel Power Management Controller Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84866"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133674"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "NVD",
"id": "CVE-2018-3643"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03873en_us"
},
{
"trust": 2.3,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180924-0002/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3643"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3643"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03873en_us"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "VULHUB",
"id": "VHN-133674"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "NVD",
"id": "CVE-2018-3643"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "VULHUB",
"id": "VHN-133674"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "NVD",
"id": "CVE-2018-3643"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"date": "2018-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-133674"
},
{
"date": "2018-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"date": "2018-09-12T19:29:02.557000",
"db": "NVD",
"id": "CVE-2018-3643"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-133674"
},
{
"date": "2018-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-3643"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Converged Security and Management Engine and Server Platform Services Firmware vulnerabilities related to authorization, authority, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
],
"trust": 0.6
}
}