var-201809-1103
Vulnerability from variot
A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code. Intel Atom Processor C3000 Series Platform and other products are processor products of Intel Corporation of the United States. The Intel Power Management Controller is one of the power management controllers.
A security vulnerability exists in the Intel Power Management Controller. A local attacker could exploit this vulnerability to escalate permissions or reveal information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-1103",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "converged security management engine",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "12.0.6"
},
{
"model": "server platform services",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "4.00.04"
},
{
"model": "converged security management engine",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server platform services",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "converged security and management engine",
"scope": "lt",
"trust": 0.6,
"vendor": "intel",
"version": "11.8.55"
},
{
"model": "converged security and management engine",
"scope": "lt",
"trust": 0.6,
"vendor": "intel",
"version": "11.11.55"
},
{
"model": "converged security and management engine",
"scope": "lt",
"trust": 0.6,
"vendor": "intel",
"version": "11.21.55"
},
{
"model": "converged security and management engine",
"scope": "lt",
"trust": 0.6,
"vendor": "intel",
"version": "12.0.6"
},
{
"model": "server platform services",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "4.x.04"
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "converged security management engine",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "12.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "converged security management engine",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "server platform services",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
},
{
"db": "NVD",
"id": "CVE-2018-3643"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:intel:converged_security_management_engine_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:server_platform_services_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
}
]
},
"cve": "CVE-2018-3643",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-3643",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-41628",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-133674",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.5,
"id": "CVE-2018-3643",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-3643",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-3643",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-41628",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-607",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-133674",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "VULHUB",
"id": "VHN-133674"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
},
{
"db": "NVD",
"id": "CVE-2018-3643"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code. Intel Atom Processor C3000 Series Platform and other products are processor products of Intel Corporation of the United States. The Intel Power Management Controller is one of the power management controllers. \n\nA security vulnerability exists in the Intel Power Management Controller. A local attacker could exploit this vulnerability to escalate permissions or reveal information",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3643"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "VULHUB",
"id": "VHN-133674"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3643",
"trust": 3.3
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-41628",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983",
"trust": 0.8
},
{
"db": "IVD",
"id": "F691CF6E-9D50-48B4-8B54-12F77051A648",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-133674",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "VULHUB",
"id": "VHN-133674"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
},
{
"db": "NVD",
"id": "CVE-2018-3643"
}
]
},
"id": "VAR-201809-1103",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "VULHUB",
"id": "VHN-133674"
}
],
"trust": 1.4625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
}
]
},
"last_update_date": "2024-11-23T22:06:36.484000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00131",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html"
},
{
"title": "Patch for Unknown vulnerabilities in Intel Power Management Controller",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191341"
},
{
"title": "Intel Power Management Controller Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84866"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133674"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "NVD",
"id": "CVE-2018-3643"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03873en_us"
},
{
"trust": 2.3,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180924-0002/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3643"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3643"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03873en_us"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "VULHUB",
"id": "VHN-133674"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
},
{
"db": "NVD",
"id": "CVE-2018-3643"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"db": "VULHUB",
"id": "VHN-133674"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
},
{
"db": "NVD",
"id": "CVE-2018-3643"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "IVD",
"id": "f691cf6e-9d50-48b4-8b54-12f77051a648"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"date": "2018-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-133674"
},
{
"date": "2018-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-607"
},
{
"date": "2018-09-12T19:29:02.557000",
"db": "NVD",
"id": "CVE-2018-3643"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41628"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-133674"
},
{
"date": "2018-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010983"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-607"
},
{
"date": "2024-11-21T04:05:49.770000",
"db": "NVD",
"id": "CVE-2018-3643"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Converged Security and Management Engine and Server Platform Services Firmware vulnerabilities related to authorization, authority, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010983"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-607"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.