Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-12169

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-21 Sep, 2018 | 20:00
Updated At-05 Aug, 2024 | 08:30
Rejected At-
Credits

Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:21 Sep, 2018 | 20:00
Updated At:05 Aug, 2024 | 08:30
Rejected At:
▼CVE Numbering Authority (CNA)

Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/105387
vdb-entry
x_refsource_BID
https://support.lenovo.com/us/en/solutions/LEN-20527
x_refsource_CONFIRM
https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/105387
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://support.lenovo.com/us/en/solutions/LEN-20527
Resource:
x_refsource_CONFIRM
Hyperlink: https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/105387
vdb-entry
x_refsource_BID
x_transferred
https://support.lenovo.com/us/en/solutions/LEN-20527
x_refsource_CONFIRM
x_transferred
https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/105387
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://support.lenovo.com/us/en/solutions/LEN-20527
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:21 Sep, 2018 | 20:29
Updated At:20 Dec, 2018 | 13:59

Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.6HIGH
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Intel Corporation
intel
>>core_i3>>4000m
cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4005u
cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4010u
cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4010y
cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4012y
cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4020y
cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4025u
cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4030u
cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4030y
cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4100e
cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4100m
cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4100u
cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4102e
cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4110e
cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4110m
cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4112e
cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4120u
cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4130
cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4130t
cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4150
cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4150t
cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4158u
cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4160
cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4160t
cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4170
cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4170t
cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4330
cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4330t
cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4330te
cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4340
cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4340te
cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4350
cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4350t
cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4360
cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4360t
cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4370
cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>4370t
cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>5005u
cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>5010u
cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>5015u
cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>5020u
cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>5157u
cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>6006u
cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>6098p
cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>6100
cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>6100e
cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>6100h
cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>6100t
cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>6100te
cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3>>6100u
cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/105387secure@intel.com
Third Party Advisory
VDB Entry
https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.htmlsecure@intel.com
Third Party Advisory
https://support.lenovo.com/us/en/solutions/LEN-20527secure@intel.com
Mitigation
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/105387
Source: secure@intel.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
Source: secure@intel.com
Resource:
Third Party Advisory
Hyperlink: https://support.lenovo.com/us/en/solutions/LEN-20527
Source: secure@intel.com
Resource:
Mitigation
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

485Records found
CVE-2018-18095
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.19% / 41.13%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 20:31
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access.

Action-Not Available
Vendor-Intel Corporation
Product-ssd_dc_s4600_firmwaressd_dc_s4500ssd_dc_s4600ssd_dc_s4500_firmwareIntel(R) SSD DC S4500/S4600 Series
CWE ID-CWE-287
Improper Authentication
CVE-2020-8714
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.93%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 03:00
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_module_hns2600bpblc24rserver_system_r1304wt2gsrserver_system_lsvrp_firmwarecompute_module_hns2600tpfrserver_system_r2208wt2ysrserver_board_s2600wftserver_system_r2312wftzsrserver_system_r1000sp_firmwareserver_board_s2600kprserver_system_r1304wf0ysserver_system_r1304wf0ysrserver_system_r1304sposhbnserver_board_s2600kpfserver_system_lsvrp4304es6xx1server_board_s2600cwtserver_board_s2600kpcompute_module_hns2600bpbserver_board_s2600stbcompute_module_hns2600kprserver_system_r1208wttgsrserver_board_s2600cw2rserver_board_s2600wfqrcompute_module_hns2600tp24rserver_system_r2308wftzsserver_system_r2308wttysserver_system_r1000wf_firmwareserver_board_s2600wftrserver_system_r1304wt2gscompute_module_hns2600tprserver_system_r2208wf0zsserver_board_s2600kptrserver_board_s2600st_firmwareserver_system_r1208sposhorrcompute_module_hns2600tp_firmwareserver_board_s1200splserver_board_s2600cw2srserver_system_r1208wt2gsserver_board_s2600tpserver_system_r2208wttyc1rserver_board_s2600stqrcompute_module_hns2600bpblc24server_board_s2600cw2scompute_module_hns2600kp_firmwareserver_system_vrn2208wfaf83server_board_s2600cwtrserver_board_s1200spsserver_board_s2600bpqserver_system_r2208wt2ysserver_system_r1208wttgsserver_system_r1304wttgsserver_system_r2208wttysrserver_system_r1304sposhbnrserver_system_r2208wfqzsrserver_board_s2600tpfserver_board_s2600cwtsserver_system_lr1304sp_firmwareserver_system_r2312wf0nprserver_board_s2600wttrserver_board_s2600wt2server_system_r1208wfqysrserver_system_vrn2208wfhy6server_board_s2600stqserver_system_r2224wftzsserver_board_s2600wf0rserver_system_r2208wfqzsserver_system_nb2208wfqnfviserver_system_r2208wftzsserver_system_r2224wftzsrcompute_module_hns2600bpq24rserver_system_r2224wttysserver_board_s1200sp_firmwareserver_system_lr1304spcfg1rserver_system_lr1304spcfg1server_system_mcb2208wfaf5compute_module_hns2600bps24server_board_s2600bpsserver_board_s2600wt_firmwareserver_board_s2600bpqrserver_system_r2000wt_firmwareserver_system_r1208wt2gsrserver_system_vrn2208wfaf82compute_module_hns2600bpb24rserver_system_r1208wftysserver_system_r2000wf_firmwareserver_board_s2600cwserver_system_r2308wftzsrserver_system_lnetcnt3ycompute_module_s2600tp_firmwarecompute_module_hns2600bps24rserver_system_r1304wftysrserver_system_lsvrp4304es6xxrcompute_module_hns2600bpsrserver_board_s2600wt2rserver_system_mcb2208wfhy2server_board_s2600tpfrcompute_module_hns2600bpblcrserver_board_s2600cwtsrserver_system_r2224wfqzsserver_system_r2308wttysrcompute_module_hns2600tpfserver_system_r2312wftzsserver_system_vrn2208wfaf81server_board_s2600stbrcompute_module_hns2600bpqrserver_system_r2224wttysrserver_system_r2312wttyscompute_module_hns2600bpbrserver_system_r1208sposhorserver_board_s2600bp_firmwareserver_board_s2600bpbrserver_system_r1000wt_firmwareserver_board_s2600wttserver_board_s2600wf0compute_module_hns2600kpserver_system_r2312wfqzsserver_system_mcb2208wfaf6server_system_r1304wftysserver_system_r2208wttysserver_system_r1304sposhorrserver_system_vrn2208waf6compute_module_hns2600bp_firmwareserver_system_r1304sposhorcompute_module_hns2600tpcompute_module_hns2600kpfrcompute_module_hns2600bpqserver_board_s1200sporserver_board_s2600bpbserver_system_mcb2208wfaf4server_board_s1200splrserver_system_lr1304spcfsgx1compute_module_hns2600kpfcompute_module_hns2600bpblcserver_system_r2208wttyc1server_board_s2600cw2server_board_s1200sposerver_board_s2600wfqserver_board_s2600bpsrserver_system_r2312wf0npserver_system_r1304wttgsrserver_system_r2312wttysrserver_board_s2600kp_firmwareserver_system_r1208wttgsbppserver_board_s1200spsrcompute_module_hns2600bpsserver_system_r2208wf0zsrserver_board_s2600kpfrcompute_module_hns2600bpb24server_system_r2208wftzsrserver_system_r1208wftysrserver_board_s2600tprcompute_module_hns2600tp24srserver_board_s2600wf_firmwarecompute_module_hns2600bpq24Intel(R) Server Boards, Server Systems and Compute Modules Advisory
CWE ID-CWE-287
Improper Authentication
CVE-2020-24514
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.84%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 18:48
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-realsense_id_f450realsense_id_f455_firmwarerealsense_id_f450_firmwarerealsense_id_f455Intel(R) RealSense(TM) IDs
CWE ID-CWE-287
Improper Authentication
CVE-2021-42849
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 13.68%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:10
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.

Action-Not Available
Vendor-Lenovo Group Limited
Product-t2prot1_firmwaret2pro_firmwaret1x1x1_firmwaret2_firmwaret2a1_firmwarea1Personal Cloud Storage X1Personal Cloud Storage T1Personal Cloud Storage A1Personal Cloud Storage T2Personal Cloud Storage T2Pro
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-287
Improper Authentication
CVE-2019-14598
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 18:21
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-converged_security_management_engine_firmwaresteelstore_cloud_integrated_storageIntel(R) CSME
CWE ID-CWE-287
Improper Authentication
CVE-2021-0096
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.94%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 18:55
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc7i3dn_firmwarenuc7i3dnnuc7i7dnnuc7i5dnnuc7i5dn_firmwarenuc7i7dn_firmwareIntel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN
CWE ID-CWE-287
Improper Authentication
CVE-2019-0107
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.25% / 47.94%
||
7 Day CHG~0.00%
Published-18 Feb, 2019 | 17:00
Updated-16 Sep, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managern/a
CVE-2019-0109
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.67%
||
7 Day CHG~0.00%
Published-18 Feb, 2019 | 17:00
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managern/a
CVE-2019-0163
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.05% / 15.78%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 17:03
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-i5-5350u_firmwarei5-5350uIntel(R) NUC Advisory
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0158
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.69%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 17:02
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_performance_analyzerIntel(R) Graphics Performance Analyzer for Linux Advisory
CVE-2019-0171
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.78%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 15:41
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_iiquartus_primeIntel(R) Quartus(R)
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-0170
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.16% / 37.86%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 15:41
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-converged_security_management_engine_firmwareIntel(R) Dynamic Application Loader (DAL)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-0159
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.46%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 19:13
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-administrative_tools_for_intel_network_adaptersLinux Administrative Tools for Intel(R) Network Adapters
CVE-2019-0128
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.16%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-chipset_device_softwareIntel(R) Chipset Device Software (INF Update Utility) Advisory
CWE ID-CWE-264
Not Available
CVE-2019-0181
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.65%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_cloud_integrity_tehnologyopenattestationOpen Cloud Integrity Technology and OpenAttestation
CVE-2019-0129
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.99%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-16 Sep, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-usb_3.0_creator_utilityIntel(R) USB 3.0 Creator Utility
CWE ID-CWE-264
Not Available
CVE-2019-0134
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.77%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 19:13
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege.

Action-Not Available
Vendor-n/aIntel Corporation
Product-dynamic_platform_and_thermal_frameworkIntel(R) Dynamic Platform and Thermal Framework
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-0092
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.72%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 15:41
Updated-04 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwareIntel(R) Active Management Technology (AMT)
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0088
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.81%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 20:00
Updated-17 Sep, 2024 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient path checking in Intel(R) System Support Utility for Windows before 2.5.0.15 may allow an authenticated user to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-system_support_utilityIntel(R) System Support Utility for Windows
CVE-2019-0089
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.13% / 33.62%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 15:41
Updated-04 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_platform_servicesIntel(R) Server Platform Services (SPS)
CWE ID-CWE-19
Not Available
CVE-2019-0121
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.23%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-matrix_storage_managerIntel(R) Matrix Storage Manager
CWE ID-CWE-264
Not Available
CVE-2018-9063
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.69%
||
7 Day CHG~0.00%
Published-04 May, 2018 | 16:00
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateLenovo System Update
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-0135
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.99%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206

Action-Not Available
Vendor-n/aLenovo Group LimitedIntel Corporation
Product-thinkstation_p520_firmwarethinkstation_p520thinkstation_p720_firmwarethinkstation_p720thinkstation_p520c_firmwarerapid_storage_technology_enterprisethinkstation_p520cthinkstation_p920thinkstation_p920_firmwareIntel(R) Accelerated Storage Manager in RSTe Advisory
CWE ID-CWE-264
Not Available
CVE-2019-0139
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 32.33%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 18:21
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_controller_x710-at2_firmwareethernet_controller_x710-tm4_firmwareethernet_controller_x710-bm2_firmwareethernet_controller_710-bm1ethernet_controller_xxv710-am2ethernet_controller_xxv710-am1_firmwareethernet_controller_xxv710-am1ethernet_controller_x710-bm2ethernet_controller_xxv710-am2_firmwareethernet_700_series_softwareethernet_controller_x710-at2ethernet_controller_710-bm1_firmwareethernet_controller_x710-tm42019.2 IPU – Intel(R) Ethernet 700 Series Controllers
CVE-2010-0560
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.10% / 27.50%
||
7 Day CHG~0.00%
Published-08 Feb, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, DH, DP, and DQ Series allows local administrators to execute arbitrary code in System Management Mode (SSM) via unknown attack vectors.

Action-Not Available
Vendor-n/aIntel Corporation
Product-intel_desktop_boardn/a
CVE-2019-0099
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 23.19%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 15:41
Updated-04 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_platform_services_firmwareIntel(R) Server Platform Services (SPS), Intel (R) Trusted Execution Engine Interface (TXE)
CVE-2019-0106
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.25% / 47.94%
||
7 Day CHG~0.00%
Published-18 Feb, 2019 | 17:00
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient run protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managern/a
CVE-2019-0138
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.78%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 15:41
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-acu_wizardIntel(R) ACU Wizard
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-0086
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.06%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 15:41
Updated-04 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-converged_security_management_engine_firmwaretrusted_execution_engine_firmwareIntel(R) Converged Security & Management Engine (CSME) Dynamic Application Loader, Intel (R) Trusted Execution Engine Interface (TXE)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-0105
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.91%
||
7 Day CHG~0.00%
Published-18 Feb, 2019 | 17:00
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managern/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2015-4596
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.47%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 16:00
Updated-30 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-mouse_suiten/a
CVE-2018-3700
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 34.18%
||
7 Day CHG~0.00%
Published-18 Feb, 2019 | 17:00
Updated-16 Sep, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-windows_7usb_3.0_extensible_host_controller_drivern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-3703
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.78%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 20:00
Updated-16 Sep, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-Microsoft CorporationIntel Corporation
Product-windowsssd_data_center_toolIntel(R) SSD Data Center Tool for Windows
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-3701
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.20%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 15:41
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in the installer for Intel(R) PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-proset\/wireless_wifiIntel(R) PROSet/Wireless WiFi Software Advisory
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-3704
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.78%
||
7 Day CHG~0.00%
Published-13 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-parallel_studioparallel_studio_xeIntel Parallel Studio
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-3645
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.47%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 21:00
Updated-16 Sep, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Escalation of privilege in all versions of the Intel Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session.

Action-Not Available
Vendor-Intel Corporation
Product-remote_keyboard_mobile_appremote_keyboardIntel Remote Keyboard
CVE-2018-3652
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.6||HIGH
EPSS-0.14% / 35.41%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 21:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.

Action-Not Available
Vendor-Intel Corporation
Product-xeon_e3_1275_v5xeon_e3_1270_v6xeon_e3_1268l_v5xeon_e3_1501l_v6xeon_e3_1240_v6xeonxeon_e3_1240_v5xeon_e3_1270_v5xeon_e3_1240l_v5xeon_e3_1280_v5xeon_e3_1245_v6xeon_e3_1220_v6xeon_e3_1225_v5xeon_e3_1505m_v5xeon_bronze_3106xeon_e3_1230_v5xeon_e3_1220_v5xeon_e3_1235l_v5xeon_e3_1505l_v5xeon_e3_1501m_v6xeon_e3_1260l_v5xeon_e3_1275_v6xeon_silverxeon_e3_1225_v6xeon_goldxeon_platinumatom_cxeon_bronze_3104xeon_e3_1230_v6xeon_e3_1280_v6xeon_e3xeon_e3_1245_v5xeon_e3_1285_v6xeon_e3_1505l_v6Intel Xeon Processor
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-3667
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.61%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 21:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.

Action-Not Available
Vendor-Intel Corporation
Product-processor_diagnostic_toolIntel Processor Diagnostic Tool
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2018-3682
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.05% / 13.81%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 21:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS.

Action-Not Available
Vendor-Intel Corporation
Product-hns2600tp24strbbs2600bpbr1208wftysr1304wf0yshns2600tprhns7200apr2224wfqzshns2600bpqbbs2600stqs2600tpnrs2600kptrhns2600bpblcr2208wttyc1rr2208wt2ysrbbs2600stbr2208wf0zsr2208wftzsdbs2600cw2rdbs2600cwtrr2312wf0npr2312wttysrs2600stbs2600wtts1rr2224wftzsr1208wt2gsrs2600wt2rhns2600kpfrhns2600kprr1304wttgsrbbs7200apbbs2600bpshns2600bpsr2208wfqzshns2600bpb24bbs7200aplhns2600bps24hns2600tpfrs2600wfohns2600bpq24hns2600bpblc24r2312wfqzss2600wttrr2224wttysrr1208wttgsrhns2600tpnrr1304wt2gsrhns2600bpbs2600tprr1304wftyshns7200aprls2600tptrr2208wttysrs2600stqr2308wftzsdbs2600cwtsrhns7200aprs7200aprhns2600tp24srdbs2600cw2srhns7200aplhns2600tp24rs2600kprbmc_firmwares2600wfqr2308wttysrbbs2600bpqs2600kpfrs2600tpfrs2600wftr2312wftzsIntel Server Boards, Compute Modules and Systems
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-3697
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.72%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-media_server_studioIntel Media Server Studio
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-3688
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.65%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 21:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.

Action-Not Available
Vendor-Intel Corporation
Product-quartus_prime_programmer_and_toolsIntel Quartus Prime Programmer and Tools
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2018-3627
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.26% / 49.07%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 21:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access.

Action-Not Available
Vendor-Intel CorporationNetApp, Inc.
Product-xeon_e3_1270_v6xeon_e3_1275_v6xeon_e3_1240_v6element_software_management_nodexeon_e3_1225_v6xeon_e3_1240_v5xeon_e3_1270_v5xeon_e3_1240l_v5xeon_e3_1280_v5xeon_e3_1245_v6xeon_wcore_i7xeon_e3_1220_v6core_i3xeon_e3_1225_v5xeon_e3_1230_v5converged_security_management_engine_firmwarexeon_e3_1220_v5xeon_e3_1230_v6core_i5xeon_e3_1235l_v5core_i9xeon_e3_1245_v5xeon_e3_1280_v6xeon_e3_1285_v6xeon_e3_1260l_v5Intel Converged Security Management Engine (Intel CSME)
CVE-2018-3643
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-8.2||HIGH
EPSS-0.21% / 43.19%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 19:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.

Action-Not Available
Vendor-Intel Corporation
Product-server_platform_services_firmwareconverged_security_management_engine_firmwareIntel(R) Converged Security and Management Engine (CSME) and Intel(R) Server Platform Services firmware
CVE-2018-3683
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.65%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 21:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.

Action-Not Available
Vendor-Intel Corporation
Product-quartus_primeIntel Quartus Prime
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2018-3649
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-10 May, 2018 | 22:00
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution.

Action-Not Available
Vendor-Intel Corporation
Product-wireless-ac_9560wireless-n_7265dual_band_wireless-n_7260dual_band_wireless-ac_7265dual_band_wireless-ac_8265dual_band_wireless-ac_7260wireless-ac_9462tri-band_wireless-ac_18260dual_band_wireless-n_7265wireless-ac_9461dual_band_wireless-ac_3160tri-band_wireless-ac_17265wireless-n_7260dual_band_wireless-ac_3165dual_band_wireless-ac_8260wireless-ac_9260dual_band_wireless-ac_3168tri-band_wireless-ac_18265Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2018-3635
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.16%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access.

Action-Not Available
Vendor-Intel Corporation
Product-rapid_storage_technologyIntel Rapid Store Technology
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-3702
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.95%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for the ITE Tech* Consumer Infrared Driver for Windows 10 versions before 5.4.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aMicrosoft CorporationIntel Corporation
Product-ite_tech_consumer_infrared_driverwindows_10ITE Tech Consumer Infrared Driver for Windows 10 Advisory
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-3615
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.6||MEDIUM
EPSS-0.06% / 17.61%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 16:25
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262.

Action-Not Available
Vendor-Lenovo Group Limited
Product-smart_camera_x5_firmwaresmart_camera_x5smart_camera_x3_firmwaresmart_camera_x3smart_camera_c2esmart_camera_c2e_firmwareSmart Camera X3, X5, and C2E firmware
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-3698
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.94%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access.

Action-Not Available
Vendor-Intel Corporation
Product-ready_mode_technologyIntel Ready Mode Technology
CVE-2018-3650
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.81%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 15:00
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector.

Action-Not Available
Vendor-Intel Corporation
Product-distribution_for_pythonIntel Distribution for Python
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found