VAR-201904-0623
Vulnerability from variot - Updated: 2023-12-18 12:43Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation (CVE-2018-18094, CVE-2019-0158, CVE-2019-0162, CVE-2019-0163) * Information leak (CVE-2019-0162) * Service operation interruption (DoS) attack (CVE-2019-0162). Intel Media SDK is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Versions prior to Media SDK 2018 R2.1 are vulnerable. This product is mainly used for video encoding, decoding and processing in Windows and embedded Linux applications. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0623",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "media sdk",
"scope": "eq",
"trust": 1.3,
"vendor": "intel",
"version": "2017"
},
{
"model": "media sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2018"
},
{
"model": "broadwell",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "u i5 vpro mybdwi5v.86a"
},
{
"model": "graphics performance analyzer",
"scope": "lte",
"trust": 0.8,
"vendor": "intel",
"version": "for linux 18.4"
},
{
"model": "media sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "2018 r2.1"
},
{
"model": "microprocessors",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "with virtual memory mapping"
},
{
"model": "media sdk r1",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "2018"
},
{
"model": "media sdk r2.1",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "2017"
},
{
"model": "media sdk r2.1",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "2018"
}
],
"sources": [
{
"db": "BID",
"id": "107886"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"db": "NVD",
"id": "CVE-2018-18094"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:media_sdk:2017:r2.1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:media_sdk:2018:r1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:media_sdk:2017:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18094"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "107886"
}
],
"trust": 0.3
},
"cve": "CVE-2018-18094",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-128619",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-18094",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-603",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-128619",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128619"
},
{
"db": "NVD",
"id": "CVE-2018-18094"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-603"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation (CVE-2018-18094, CVE-2019-0158, CVE-2019-0162, CVE-2019-0163) * Information leak (CVE-2019-0162) * Service operation interruption (DoS) attack (CVE-2019-0162). Intel Media SDK is prone to a local privilege-escalation vulnerability. \nA local attacker can exploit this issue to gain elevated privileges. \nVersions prior to Media SDK 2018 R2.1 are vulnerable. This product is mainly used for video encoding, decoding and processing in Windows and embedded Linux applications. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18094"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"db": "BID",
"id": "107886"
},
{
"db": "VULHUB",
"id": "VHN-128619"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18094",
"trust": 2.8
},
{
"db": "BID",
"id": "107886",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU90136041",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002605",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-603",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-128619",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128619"
},
{
"db": "BID",
"id": "107886"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"db": "NVD",
"id": "CVE-2018-18094"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-603"
}
]
},
"id": "VAR-201904-0623",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-128619"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:43:34.075000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00201",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00201.html"
},
{
"title": "INTEL-SA-00236",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00236.html"
},
{
"title": "INTEL-SA-00238",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00238.html"
},
{
"title": "INTEL-SA-00239",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00239.html"
},
{
"title": "Intel Media SDK Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91414"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-603"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128619"
},
{
"db": "NVD",
"id": "CVE-2018-18094"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107886"
},
{
"trust": 2.0,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00201.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18094"
},
{
"trust": 0.9,
"url": "http://www.intel.com/"
},
{
"trust": 0.9,
"url": "https://software.intel.com/en-us/media-sdk"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0162"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0163"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18094"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0158"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90136041/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0158"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0162"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0163"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128619"
},
{
"db": "BID",
"id": "107886"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"db": "NVD",
"id": "CVE-2018-18094"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-603"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-128619"
},
{
"db": "BID",
"id": "107886"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"db": "NVD",
"id": "CVE-2018-18094"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-603"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-128619"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107886"
},
{
"date": "2019-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"date": "2019-04-17T18:29:00.217000",
"db": "NVD",
"id": "CVE-2018-18094"
},
{
"date": "2019-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-603"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-128619"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107886"
},
{
"date": "2019-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-18094"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-603"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "107886"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-603"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Multiple vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-603"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…