var-201906-0953
Vulnerability from variot
Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. A local attacker can exploit this issue to gain elevated privileges
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0953", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ite tech consumer infrared driver", scope: "lt", trust: 1, vendor: "intel", version: "5.4.3.0", }, { model: "accelerated storage manager", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "chipset device software", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "compute card", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "compute stick", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "core i3", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "core i5", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "core x-series", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "nuc kit", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "omni-path fabric manager gui", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "pentium", scope: "eq", trust: 0.8, vendor: "intel", version: "processor 2000 series", }, { model: "pentium", scope: "eq", trust: 0.8, vendor: "intel", version: "processor 3000 series", }, { model: "pentium", scope: "eq", trust: 0.8, vendor: "intel", version: "processor g series", }, { model: "proset/wireless software driver", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "raid web console v3", scope: "eq", trust: 0.8, vendor: "intel", version: "for windows", }, { model: "sgx dcap linux driver", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "sgx linux client driver", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "turbo boost max technology", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "xeon", scope: "eq", trust: 0.8, vendor: "intel", version: "processor e7 v3 family", }, { model: "xeon", scope: "eq", trust: 0.8, vendor: "intel", version: "processor e7 v5 family", }, { model: "xeon", scope: "eq", trust: 0.8, vendor: "intel", version: "processor e7 v7 family", }, { model: "ite tech* consumer infrared driver", scope: "eq", trust: 0.8, vendor: "intel", version: "for windows 10", }, { model: "open cloud integrity technology", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "openattestation", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "ite tech consumer infrared driver for windows", scope: "eq", trust: 0.3, vendor: "intel", version: "105.2.2", }, { model: "ite tech consumer infrared driver for windows", scope: "eq", trust: 0.3, vendor: "intel", version: "105.4.2.0", }, { model: "ite tech consumer infrared driver for windows", scope: "eq", trust: 0.3, vendor: "intel", version: "105.4.1.0", }, { model: "ite tech consumer infrared driver for windows", scope: "eq", trust: 0.3, vendor: "intel", version: "105.3.2.0", }, { model: "ite tech consumer infrared driver for windows", scope: "eq", trust: 0.3, vendor: "intel", version: "105.1.0.7", }, { model: "ite tech consumer infrared driver for windows", scope: "ne", trust: 0.3, vendor: "intel", version: "105.4.3.0", }, ], sources: [ { db: "BID", id: "108782", }, { db: "JVNDB", id: "JVNDB-2019-004980", }, { db: "NVD", id: "CVE-2018-3702", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:intel:ite_tech_consumer_infrared_driver:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "5.4.3.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-3702", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SaifAllah benMassaoud", sources: [ { db: "BID", id: "108782", }, { db: "CNNVD", id: "CNNVD-201906-564", }, ], trust: 0.9, }, cve: "CVE-2018-3702", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 1.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], severity: [ { author: "NVD", id: "CVE-2018-3702", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201906-564", trust: 0.6, value: "HIGH", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2018-3702", }, { db: "CNNVD", id: "CNNVD-201906-564", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. \nA local attacker can exploit this issue to gain elevated privileges", sources: [ { db: "NVD", id: "CVE-2018-3702", }, { db: "BID", id: "108782", }, ], trust: 1.17, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2018-3702", trust: 2.7, }, { db: "BID", id: "108782", trust: 1.9, }, { db: "JVN", id: "JVNVU95572531", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2019-004980", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201906-564", trust: 0.6, }, ], sources: [ { db: "BID", id: "108782", }, { db: "JVNDB", id: "JVNDB-2019-004980", }, { db: "NVD", id: "CVE-2018-3702", }, { db: "CNNVD", id: "CNNVD-201906-564", }, ], }, id: "VAR-201906-0953", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.25292397, }, last_update_date: "2023-12-18T11:09:28.221000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "[INTEL-SA-00248] Open Cloud Integrity Technology and OpenAttestation Advisory", trust: 0.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html", }, { title: "[INTEL-SA-00257] Intel Omni-Path Fabric Manager GUI Advisory", trust: 0.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00257.html", }, { title: "[INTEL-SA-00259] Intel RAID Web Console 3 for Windows* Advisory", trust: 0.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00259.html", }, { title: "[INTEL-SA-00224] Intel Chipset Device Software (INF Update Utility) Advisory", trust: 0.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00224.html", }, { title: "[INTEL-SA-00264] Intel NUC Firmware Advisory", trust: 0.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00264.html", }, { title: "[INTEL-SA-00226] Intel Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisory", trust: 0.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00226.html", }, { title: "[INTEL-SA-00206] ITE Tech* Consumer Infrared Driver for Windows 10 Advisory", trust: 0.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html", }, { title: "[INTEL-SA-00232] Intel PROSet/Wireless WiFi Software Advisory", trust: 0.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00232.html", }, { title: "[INTEL-SA-00235] Intel SGX for Linux Advisory", trust: 0.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00235.html", }, { title: "[INTEL-SA-00243] Intel Turbo Boost Max Technology 3.0 Advisory", trust: 0.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html", }, { title: "[INTEL-SA-00247] Partial Physical Address Leakage Advisory", trust: 0.8, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00247.html", }, { title: "Intel ITE Tech* Consumer Infrared Driver Fixes for permissions and access control issues vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93795", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-004980", }, { db: "CNNVD", id: "CNNVD-201906-564", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-732", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2018-3702", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00206.html", }, { trust: 1.6, url: "http://www.securityfocus.com/bid/108782", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2018-3702", }, { trust: 0.9, url: "http://www.intel.com/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0130", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0179", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11123", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0136", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0180", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11124", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0157", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0181", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11125", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0164", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0182", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11126", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11127", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0174", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0183", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11128", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0175", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11092", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11129", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3702", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0177", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11117", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0128", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0178", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11119", }, { trust: 0.8, url: "http://jvn.jp/cert/jvnvu95572531", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0128", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0178", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11119", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0130", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0179", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11123", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0136", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0180", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11124", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0157", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0181", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11125", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0164", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0182", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11126", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0174", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0183", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11127", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0175", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11092", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11128", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-0177", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11117", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11129", }, { trust: 0.6, url: "https://www.intel.com/content/www/us/en/security-center/advisory/in", }, ], sources: [ { db: "BID", id: "108782", }, { db: "JVNDB", id: "JVNDB-2019-004980", }, { db: "NVD", id: "CVE-2018-3702", }, { db: "CNNVD", id: "CNNVD-201906-564", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "BID", id: "108782", }, { db: "JVNDB", id: "JVNDB-2019-004980", }, { db: "NVD", id: "CVE-2018-3702", }, { db: "CNNVD", id: "CNNVD-201906-564", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-06-11T00:00:00", db: "BID", id: "108782", }, { date: "2019-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2019-004980", }, { date: "2019-06-13T16:29:00.310000", db: "NVD", id: "CVE-2018-3702", }, { date: "2019-06-13T00:00:00", db: "CNNVD", id: "CNNVD-201906-564", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-06-11T00:00:00", db: "BID", id: "108782", }, { date: "2019-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2019-004980", }, { date: "2023-03-04T01:47:53.700000", db: "NVD", id: "CVE-2018-3702", }, { date: "2020-08-25T00:00:00", db: "CNNVD", id: "CNNVD-201906-564", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "BID", id: "108782", }, { db: "CNNVD", id: "CNNVD-201906-564", }, ], trust: 0.9, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Intel Multiple vulnerabilities in the product", sources: [ { db: "JVNDB", id: "JVNDB-2019-004980", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "permissions and access control issues", sources: [ { db: "CNNVD", id: "CNNVD-201906-564", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.