CVE-2018-3624

Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network.

CVSS v3 8.3 HIGH
CVSS v2.0 5.4 MEDIUM

8.3^/10

CVSS v3 : HIGH

Vector : AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability : 1.6 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

5.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 5.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/103968	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-114-02	Third Party Advisory US Government Resource
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00116&languageid=en-fr	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:2g_modem_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:sofia_3g:-:::::::*
	cpe:2.3:h:intel:sofia_3g-r:-:::::::*
	cpe:2.3:h:intel:sofia_3g-r_w:-:::::::*
	cpe:2.3:h:intel:xmm71xx:-:::::::*
	cpe:2.3:h:intel:xmm72xx:-:::::::*
	cpe:2.3:h:intel:xmm73xx:-:::::::*
	cpe:2.3:h:intel:xmm74xx:-:::::::*

History

No history.

Information

Published : 2018-04-05 16:29

Updated : 2024-02-28 16:25

NVD link : CVE-2018-3624

Mitre link : CVE-2018-3624

CVE.ORG link : CVE-2018-3624

JSON object : View

Products Affected

intel

2g_modem_firmware
sofia_3g
sofia_3g-r
xmm74xx
xmm71xx
xmm73xx
sofia_3g-r_w
xmm72xx

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2018-3624", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.4, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.6}]}, "published": "2018-04-05T16:29:00.393", "references": [{"url": "http://www.securityfocus.com/bid/103968", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@intel.com"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secure@intel.com"}, {"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00116&languageid=en-fr", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el m\u00f3dulo de procesamiento ETWS en Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx y Sofia 3G/R permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante una red adyacente."}], "lastModified": "2018-05-10T14:13:30.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:2g_modem_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "066AC9C9-A535-41B3-B1D8-A032B378B6C5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:sofia_3g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0E5D7652-5616-4CE2-9F2A-12A290ECB2AA"}, {"criteria": "cpe:2.3:h:intel:sofia_3g-r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "00A7C203-FCEE-4A04-B0EF-56B17FACF97B"}, {"criteria": "cpe:2.3:h:intel:sofia_3g-r_w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4CBED0FB-8114-421F-BD1A-5CEB9BB8C3A7"}, {"criteria": "cpe:2.3:h:intel:xmm71xx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1F3E5FCF-8D35-460F-B5DE-20B2B5F84436"}, {"criteria": "cpe:2.3:h:intel:xmm72xx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5404667A-6C3D-45B0-B8FD-F19384216E63"}, {"criteria": "cpe:2.3:h:intel:xmm73xx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30BC780E-C105-43CA-A5AD-E529B9624BE7"}, {"criteria": "cpe:2.3:h:intel:xmm74xx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2621B46F-8A61-4A5F-961F-6EB225F49FB1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@intel.com"}