cnvd - cnvd-2020-16620

cnvd-2020-16620

Vulnerability from cnvd

Title: Intel Driver and Support Assistant权限许可和访问控制问题漏洞

Description:

Intel Driver and Support Assistant是美国英特尔（Intel）公司的一款Intel驱动程序和支持管理工具。该工具主要用于获取Intel提供的最新应用程序。

Intel Driver and Support Assistant存在权限许可和访问控制问题漏洞。攻击者可利用该漏洞提升权限并以管理员身份执行代码。

Severity: 高

Patch Name: Intel Driver and Support Assistant权限许可和访问控制问题漏洞的补丁

Patch Description:

Intel Driver and Support Assistant是美国英特尔（Intel）公司的一款Intel驱动程序和支持管理工具。该工具主要用于获取Intel提供的最新应用程序。

Intel Driver and Support Assistant存在权限许可和访问控制问题漏洞。攻击者可利用该漏洞提升权限并以管理员身份执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html

Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-12148

Impacted products

Name
Intel Driver and Support Assistant <3.5.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12148"
    }
  },
  "description": "Intel Driver and Support Assistant\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3eIntel\u9a71\u52a8\u7a0b\u5e8f\u548c\u652f\u6301\u7ba1\u7406\u5de5\u5177\u3002\u8be5\u5de5\u5177\u4e3b\u8981\u7528\u4e8e\u83b7\u53d6Intel\u63d0\u4f9b\u7684\u6700\u65b0\u5e94\u7528\u7a0b\u5e8f\u3002\n\nIntel Driver and Support Assistant\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u5e76\u4ee5\u7ba1\u7406\u5458\u8eab\u4efd\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-16620",
  "openTime": "2020-03-10",
  "patchDescription": "Intel Driver and Support Assistant\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3eIntel\u9a71\u52a8\u7a0b\u5e8f\u548c\u652f\u6301\u7ba1\u7406\u5de5\u5177\u3002\u8be5\u5de5\u5177\u4e3b\u8981\u7528\u4e8e\u83b7\u53d6Intel\u63d0\u4f9b\u7684\u6700\u65b0\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nIntel Driver and Support Assistant\u5b58\u5728\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u5e76\u4ee5\u7ba1\u7406\u5458\u8eab\u4efd\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Driver and Support Assistant\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Intel Driver and Support Assistant \u003c3.5.0.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-12148",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-16",
  "title": "Intel Driver and Support Assistant\u6743\u9650\u8bb8\u53ef\u548c\u8bbf\u95ee\u63a7\u5236\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2018-12148 (GCVE-0-2018-12148)

Vulnerability from cvelistv5

Published

2018-09-12 19:00

Modified

2024-09-16 20:57

Severity ?

CWE

Escalation of Privilege

Summary

Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.

References

▼	URL	Tags
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Intel(R) Driver & Support Assistant	Version: Versions before 3.5.0.1.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:30:57.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) Driver \u0026 Support Assistant",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Versions before 3.5.0.1."
            }
          ]
        }
      ],
      "datePublic": "2018-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-12T18:57:01",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-09-11T00:00:00",
          "ID": "CVE-2018-12148",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) Driver \u0026 Support Assistant",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions before 3.5.0.1."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-12148",
    "datePublished": "2018-09-12T19:00:00Z",
    "dateReserved": "2018-06-11T00:00:00",
    "dateUpdated": "2024-09-16T20:57:30.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted