Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-12149 (GCVE-0-2018-12149)
Vulnerability from cvelistv5
Published
2018-09-12 19:00
Modified
2024-09-16 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.
References
| URL | Tags | ||
|---|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Intel(R) Extreme Tuning Utility |
Version: Versions before 6.4.1.2. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:57.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel(R) Extreme Tuning Utility",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "Versions before 6.4.1.2."
}
]
}
],
"datePublic": "2018-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T18:57:01",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-12149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) Extreme Tuning Utility",
"version": {
"version_data": [
{
"version_value": "Versions before 6.4.1.2."
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12149",
"datePublished": "2018-09-12T19:00:00Z",
"dateReserved": "2018-06-11T00:00:00",
"dateUpdated": "2024-09-16T18:33:36.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-12149\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2018-09-12T19:29:00.870\",\"lastModified\":\"2024-11-21T03:44:39.593\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en el manejo de b\u00fafers en Intel Extreme Tuning Utility en versiones anteriores a la 6.4.1.21 podr\u00eda permitir que un usuario autenticado deniegue el servicio de la aplicaci\u00f3n mediante acceso local.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:extreme_tuning_utility:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4.1.21\",\"matchCriteriaId\":\"52F7B1BD-018A-443E-8A6C-07BA917E6910\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
var-201809-0095
Vulnerability from variot
Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access. A local attacker could exploit this vulnerability to cause an application denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0095",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "extreme tuning utility",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "6.4.1.21"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010004"
},
{
"db": "NVD",
"id": "CVE-2018-12149"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:intel:extreme_turning_utility",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010004"
}
]
},
"cve": "CVE-2018-12149",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-12149",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-122079",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2018-12149",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-12149",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-12149",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-618",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-122079",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122079"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010004"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-618"
},
{
"db": "NVD",
"id": "CVE-2018-12149"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access. A local attacker could exploit this vulnerability to cause an application denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12149"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010004"
},
{
"db": "VULHUB",
"id": "VHN-122079"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12149",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010004",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-618",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-122079",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122079"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010004"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-618"
},
{
"db": "NVD",
"id": "CVE-2018-12149"
}
]
},
"id": "VAR-201809-0095",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122079"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:45:15.031000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00162",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
},
{
"title": "Intel Extreme Tuning Utility Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84877"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010004"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-618"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122079"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010004"
},
{
"db": "NVD",
"id": "CVE-2018-12149"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12149"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12149"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122079"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010004"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-618"
},
{
"db": "NVD",
"id": "CVE-2018-12149"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122079"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010004"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-618"
},
{
"db": "NVD",
"id": "CVE-2018-12149"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-122079"
},
{
"date": "2018-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010004"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-618"
},
{
"date": "2018-09-12T19:29:00.870000",
"db": "NVD",
"id": "CVE-2018-12149"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-122079"
},
{
"date": "2018-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010004"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-618"
},
{
"date": "2024-11-21T03:44:39.593000",
"db": "NVD",
"id": "CVE-2018-12149"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-618"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Extreme Tuning Utility Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010004"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-618"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-618"
}
],
"trust": 0.6
}
}
ghsa-xmqf-6397-gmvx
Vulnerability from github
Published
2022-05-14 02:01
Modified
2022-05-14 02:01
Severity ?
VLAI Severity ?
Details
Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.
{
"affected": [],
"aliases": [
"CVE-2018-12149"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-12T19:29:00Z",
"severity": "MODERATE"
},
"details": "Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.",
"id": "GHSA-xmqf-6397-gmvx",
"modified": "2022-05-14T02:01:20Z",
"published": "2022-05-14T02:01:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12149"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2018-AVI-432
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel Data Center manager versions antérieures à 5.1 | ||
| Intel | N/A | Intel Centrino Wireless-N 135 | ||
| Intel | N/A | Processeur de la famille Intel Core de 6ème génération avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Intel NUC Kit NUC7i3DNHE | ||
| Intel | N/A | Intel Compute Card CD1P64GK | ||
| Intel | N/A | Processeur Intel Core X-Series avec un microgiciel (CSME) antérieure à 11.11.55 | ||
| Intel | N/A | Intel IoT Developers Kit versions 4.0 et antérieures | ||
| Intel | N/A | Intel NUC Kit NUC8i7HNK | ||
| Intel | N/A | Intel Server Board S2600BP (Purley) | ||
| Intel | N/A | Intel Computing Improvement Program versions antérieures à 2.2.0.03942 | ||
| Intel | N/A | Intel NUC Kit NUC7i7BNH | ||
| Intel | N/A | Intel NUC Kit NUC5PGYH | ||
| Intel | N/A | Intel Compute Stick STCK1A32WFC | ||
| Intel | N/A | Intel Centrino Wireless-N 1030 | ||
| Intel | N/A | Processeur Intel Xeon Scalable avec un microgiciel (CSME) antérieure à 11.21.55 | ||
| Intel | N/A | Intel Compute Card CD1M3128MK | ||
| Intel | N/A | Intel ME versions antérieures à 10.0.60 | ||
| Intel | N/A | Intel NUC Kit NUC7i7DNKE | ||
| Intel | N/A | Intel ME versions antérieures à 9.1.45 | ||
| Intel | N/A | Intel CSME versions antérieures à 11.11.55 | ||
| Intel | N/A | Intel Server Platform Service microgiciel antérieures à SPS_SoC-X_04.00.04.077.0 | ||
| Intel | N/A | Intel Centrino Wireless-N 130 | ||
| Intel | N/A | Intel Server Board S2600WF | ||
| Intel | N/A | Processeur Intel Xeon W avec un microgiciel (CSME) antérieure à 11.11.55 | ||
| Intel | N/A | Processeur Intel QuickAssist Adapter 8960/8970 Products avec un microgiciel antérieure à 4.x.05 | ||
| Intel | N/A | Intel Compute Stick STK1AW32SC | ||
| Intel | N/A | Intel Server Board S2600TP (Grantley) | ||
| Intel | N/A | Processeur Intel Xeon E3-1200/1500 v5 avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Intel Server Platform Service microgiciel antérieures à SPS_E5_04.00.04.381.0 | ||
| Intel | N/A | Intel NUC Kit NUC5CPYH | ||
| Intel | N/A | Intel NUC Kit D54250WYB | ||
| Intel | N/A | Intel Trusted Execution Engine (TXE) versions antérieures à 4.0.5 | ||
| Intel | N/A | Intel Distribution pour Python 2018 téléchargé avant le 6 août 2018 | ||
| Intel | N/A | Intel CSME versions antérieures à 12.0.6 | ||
| Intel | N/A | Intel NUC Kit NUC6i5SYH | ||
| Intel | N/A | Processeur Intel C620 Series Chipset Family (PCIe End Point Mode) avec un microgiciel antérieure à 4.00.04.381.0 | ||
| Intel | N/A | Intel NUC Kit NUC6CAYS | ||
| Intel | N/A | Intel NUC Kit NUC7CJYH | ||
| Intel | N/A | Intel Centrino Advanced-N 6230 | ||
| Intel | N/A | Intel NUC Kit NUC7i5DNKE | ||
| Intel | N/A | Intel NUC Kit NUC5i5MYHE | ||
| Intel | N/A | Intel NUC Kit NUC5i7RYH | ||
| Intel | N/A | Processeur de la famille Intel Core de 8ème génération avec un microgiciel (CSME) antérieure à 12.0.6 | ||
| Intel | N/A | Intel Centrino Wireless-N 2230 | ||
| Intel | N/A | Intel NUC Kit NUC5i3MYHE | ||
| Intel | N/A | Processeur Intel Xeon E3-1200/1500 v6 avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Intel Server Platform Service microgiciel antérieures à SPS_SoC-A_04.00.04.177.0 | ||
| Intel | N/A | Intel NUC Kit NUC6i7KYK | ||
| Intel | N/A | Intel NUC Kit D33217GKE | ||
| Intel | N/A | Processeur Intel Xeon D-2100 Family Platform avec un microgiciel antérieure à 4.00.04.077.0 | ||
| Intel | N/A | Intel ME versions antérieures à 9.5.65 | ||
| Intel | N/A | Intel NUC Kit DE3815TYBE | ||
| Intel | N/A | Intel CSME versions antérieures à 11.8.55 | ||
| Intel | N/A | Intel Server Board S2600WT (Grantley) | ||
| Intel | N/A | Intel Server Board S2600ST | ||
| Intel | N/A | Intel Data Migration Software versions 3.1 et antérieures | ||
| Intel | N/A | Intel Compute Stick STK2mv64CC | ||
| Intel | N/A | Processeur Intel Xeon Scalable Family Platforms avec un microgiciel antérieure à 4.00.04.381.0 | ||
| Intel | N/A | Intel NUC Kit D53427RKE | ||
| Intel | N/A | Intel Compute Card CD1IV128MK | ||
| Intel | N/A | Intel Trusted Execution Engine (TXE) versions antérieures à 3.1.55 | ||
| Intel | N/A | Outil de détection pour la vulnérabilité Intel-SA-00086 en version antérieure à 1.2.7.0 | ||
| Intel | N/A | Intel Centrino Advanced-N 6235 | ||
| Intel | N/A | Intel Extreme Tuning Utility versions antérieures à 6.4.1.23. | ||
| Intel | N/A | Processeur de la famille Intel Core de 7ème génération avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Intel CSME versions antérieures à 11.21.55 | ||
| Intel | N/A | Processeur Intel Atom C3000 Series Platform avec un microgiciel antérieure à 4.00.04.177.0 | ||
| Intel | N/A | Intel NUC Kit DN2820FYKH | ||
| Intel | N/A | Intel OpenVINO Toolkit pour Windows versions 2018.1.265 et antérieures | ||
| Intel | N/A | Intel Compute Stick STK2m3W64CC | ||
| Intel | N/A | Intel Driver & Support Assistant versions antérieures à 3.5.0.1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel Data Center manager versions ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 135",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur de la famille Intel Core de 6\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i3DNHE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Card CD1P64GK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Core X-Series avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel IoT Developers Kit versions 4.0 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC8i7HNK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600BP (Purley)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Computing Improvement Program versions ant\u00e9rieures \u00e0 2.2.0.03942",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i7BNH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5PGYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STCK1A32WFC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 1030",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon Scalable avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.21.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Card CD1M3128MK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ME versions ant\u00e9rieures \u00e0 10.0.60",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i7DNKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ME versions ant\u00e9rieures \u00e0 9.1.45",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_SoC-X_04.00.04.077.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 130",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600WF",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon W avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel QuickAssist Adapter 8960/8970 Products avec un microgiciel ant\u00e9rieure \u00e0 4.x.05",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STK1AW32SC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600TP (Grantley)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon E3-1200/1500 v5 avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_E5_04.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5CPYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit D54250WYB",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Trusted Execution Engine (TXE) versions ant\u00e9rieures \u00e0 4.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Distribution pour Python 2018 t\u00e9l\u00e9charg\u00e9 avant le 6 ao\u00fbt 2018",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 12.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC6i5SYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel C620 Series Chipset Family (PCIe End Point Mode) avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC6CAYS",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7CJYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Advanced-N 6230",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i5DNKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5i5MYHE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5i7RYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur de la famille Intel Core de 8\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 12.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 2230",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5i3MYHE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon E3-1200/1500 v6 avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_SoC-A_04.00.04.177.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC6i7KYK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit D33217GKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon D-2100 Family Platform avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.077.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ME versions ant\u00e9rieures \u00e0 9.5.65",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit DE3815TYBE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600WT (Grantley)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600ST",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Data Migration Software versions 3.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STK2mv64CC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon Scalable Family Platforms avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit D53427RKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Card CD1IV128MK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Trusted Execution Engine (TXE) versions ant\u00e9rieures \u00e0 3.1.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Outil de d\u00e9tection pour la vuln\u00e9rabilit\u00e9 Intel-SA-00086 en version ant\u00e9rieure \u00e0 1.2.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Advanced-N 6235",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Extreme Tuning Utility versions ant\u00e9rieures \u00e0 6.4.1.23.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur de la famille Intel Core de 7\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.21.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Atom C3000 Series Platform avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.177.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit DN2820FYKH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel OpenVINO Toolkit pour Windows versions 2018.1.265 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STK2m3W64CC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Driver \u0026 Support Assistant versions ant\u00e9rieures \u00e0 3.5.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-12162",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12162"
},
{
"name": "CVE-2018-3655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3655"
},
{
"name": "CVE-2018-12160",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12160"
},
{
"name": "CVE-2018-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3657"
},
{
"name": "CVE-2018-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3669"
},
{
"name": "CVE-2018-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12151"
},
{
"name": "CVE-2018-12148",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12148"
},
{
"name": "CVE-2018-12149",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12149"
},
{
"name": "CVE-2018-12176",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12176"
},
{
"name": "CVE-2018-3659",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3659"
},
{
"name": "CVE-2018-12171",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12171"
},
{
"name": "CVE-2018-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3658"
},
{
"name": "CVE-2018-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3643"
},
{
"name": "CVE-2018-12175",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12175"
},
{
"name": "CVE-2018-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3616"
},
{
"name": "CVE-2017-15361",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15361"
},
{
"name": "CVE-2018-12150",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12150"
},
{
"name": "CVE-2018-12163",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12163"
},
{
"name": "CVE-2018-3686",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3686"
},
{
"name": "CVE-2018-3679",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3679"
}
],
"initial_release_date": "2018-09-12T00:00:00",
"last_revision_date": "2018-09-12T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-432",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00119 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00119.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00125 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00162 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00181 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00149 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00149.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00148 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00141 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00173 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00173.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00177 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00177.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00165 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00170 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00172 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00142 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00176 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00143 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00143.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00131 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html"
}
]
}
fkie_cve-2018-12149
Vulnerability from fkie_nvd
Published
2018-09-12 19:29
Modified
2024-11-21 03:44
Severity ?
Summary
Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | extreme_tuning_utility | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:extreme_tuning_utility:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52F7B1BD-018A-443E-8A6C-07BA917E6910",
"versionEndExcluding": "6.4.1.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el manejo de b\u00fafers en Intel Extreme Tuning Utility en versiones anteriores a la 6.4.1.21 podr\u00eda permitir que un usuario autenticado deniegue el servicio de la aplicaci\u00f3n mediante acceso local."
}
],
"id": "CVE-2018-12149",
"lastModified": "2024-11-21T03:44:39.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-12T19:29:00.870",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cnvd-2018-18895
Vulnerability from cnvd
Title
Intel Extreme Tuning Utility缓冲区溢出漏洞
Description
Intel Extreme Tuning Utility是美国英特尔(Intel)公司的一款基于Windows平台的性能调试工具。
Intel Extreme Tuning Utility 6.4.1.21之前版本中的输入处理过程存在缓冲区溢出漏洞,本地攻击者可利用该漏洞造成应用程序拒绝服务。
Severity
中
VLAI Severity ?
Patch Name
Intel Extreme Tuning Utility缓冲区溢出漏洞的补丁
Patch Description
Intel Extreme Tuning Utility是美国英特尔(Intel)公司的一款基于Windows平台的性能调试工具。
Intel Extreme Tuning Utility 6.4.1.21之前版本中的输入处理过程存在缓冲区溢出漏洞,本地攻击者可利用该漏洞造成应用程序拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html
Reference
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html
Impacted products
| Name | Intel Extreme Tuning Utility <6.4.1.21 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-12149"
}
},
"description": "Intel Extreme Tuning Utility\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u6027\u80fd\u8c03\u8bd5\u5de5\u5177\u3002\r\n\r\nIntel Extreme Tuning Utility 6.4.1.21\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u8f93\u5165\u5904\u7406\u8fc7\u7a0b\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5e94\u7528\u7a0b\u5e8f\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "unknown",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-18895",
"openTime": "2018-09-14",
"patchDescription": "Intel Extreme Tuning Utility\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u6027\u80fd\u8c03\u8bd5\u5de5\u5177\u3002\r\n\r\nIntel Extreme Tuning Utility 6.4.1.21\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u8f93\u5165\u5904\u7406\u8fc7\u7a0b\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5e94\u7528\u7a0b\u5e8f\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Intel Extreme Tuning Utility\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Intel Extreme Tuning Utility \u003c6.4.1.21"
},
"referenceLink": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html",
"serverity": "\u4e2d",
"submitTime": "2018-09-14",
"title": "Intel Extreme Tuning Utility\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
gsd-2018-12149
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-12149",
"description": "Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.",
"id": "GSD-2018-12149"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-12149"
],
"details": "Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.",
"id": "GSD-2018-12149",
"modified": "2023-12-13T01:22:30.179645Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-12149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) Extreme Tuning Utility",
"version": {
"version_data": [
{
"version_value": "Versions before 6.4.1.2."
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:extreme_tuning_utility:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.4.1.21",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12149"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2018-11-07T19:23Z",
"publishedDate": "2018-09-12T19:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…