CVE-2018-18098

Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access.

CVSS v3 7.3 HIGH
CVSS v2.0 4.4 MEDIUM

7.3^/10

CVSS v3 : HIGH

Vector : AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html	Patch Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:intel:sgx_platform_software:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:intel:sgx_sdk:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:55

Type	Values Removed	Values Added
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html - Patch, Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html - Patch, Vendor Advisory

Information

Published : 2019-01-10 20:29

Updated : 2024-11-21 03:55

NVD link : CVE-2018-18098

Mitre link : CVE-2018-18098

CVE.ORG link : CVE-2018-18098

JSON object : View

Products Affected

intel

sgx_sdk
sgx_platform_software

microsoft

windows

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2018-18098", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2019-01-10T20:29:00.440", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html", "tags": ["Patch", "Vendor Advisory"], "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access."}, {"lang": "es", "value": "Verificaci\u00f3n incorrecta de archivos en la rutina de instalaci\u00f3n para Intel(R) SGX SDK and Platform Software para Windows, en versiones anteriores a la 2.2.100, podr\u00eda permitir el escalado de privilegios mediante acceso local."}], "lastModified": "2024-11-21T03:55:28.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:sgx_platform_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34BF5B2B-88C4-4CD5-99AF-9CAE45E1D7D3", "versionEndExcluding": "2.2.100"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:sgx_sdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96D59061-313B-40A4-AB61-9F51995BCCA0", "versionEndExcluding": "2.2.100"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@intel.com"}