CVE-2018-3668 - Vulnerability Details

Vendors	Products
Intel	Processor Diagnostic Tool

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Intel Processor Diagnostic Tool", "vendor": "Intel Corporation", "versions": [{"status": "affected", "version": "4.1.0.24"}]}], "datePublic": "2018-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "DLL Hijack", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-10T20:57:01", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2018-3668", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel Processor Diagnostic Tool", "version": {"version_data": [{"version_value": "4.1.0.24"}]}}]}, "vendor_name": "Intel Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DLL Hijack"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:50:30.448Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2018-3668", "datePublished": "2018-07-10T21:00:00", "dateReserved": "2017-12-28T00:00:00", "dateUpdated": "2024-08-05T04:50:30.448Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Intel Processor Diagnostic Tool (string)

vendor : Intel Corporation (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.1.0.24 (string)

}

]

}

]

datePublic : 2018-06-27T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : DLL Hijack (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-07-10T20:57:01 (string)

orgId : 6dda929c-bb53-4a77-a76d-48e79601a1ce (string)

shortName : intel (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@intel.com (string)

ID : CVE-2018-3668 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Intel Processor Diagnostic Tool (string)

version : { »

version_data : [ »

0 : { »

version_value : 4.1.0.24 (string)

}

]

}

]

}

vendor_name : Intel Corporation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : DLL Hijack (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html (string)

refsource : CONFIRM (string)

url : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T04:50:30.448Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 6dda929c-bb53-4a77-a76d-48e79601a1ce (string)

assignerShortName : intel (string)

cveId : CVE-2018-3668 (string)

datePublished : 2018-07-10T21:00:00 (string)

dateReserved : 2017-12-28T00:00:00 (string)

dateUpdated : 2024-08-05T04:50:30.448Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:processor_diagnostic_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "9819BD7B-690C-4EE1-A614-B21B7F9333B6", "versionEndExcluding": "4.1.0.27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code."}, {"lang": "es", "value": "Las rutas de servicio no entrecomilladas en Intel Processor Diagnostic Tool (IPTD) en versiones anteriores a la 4.1.0.27 permiten que un atacante local pueda ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2018-3668", "lastModified": "2024-11-21T04:05:52.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-10T21:29:01.060", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:intel:processor_diagnostic_tool:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9819BD7B-690C-4EE1-A614-B21B7F9333B6 (string)

versionEndExcluding : 4.1.0.27 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code. (string)

}

1 : { »

lang : es (string)

value : Las rutas de servicio no entrecomilladas en Intel Processor Diagnostic Tool (IPTD) en versiones anteriores a la 4.1.0.27 permiten que un atacante local pueda ejecutar código arbitrario. (string)

}

]

id : CVE-2018-3668 (string)

lastModified : 2024-11-21T04:05:52.177 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-07-10T21:29:01.060 (string)

references : [ »

0 : { »

source : secure@intel.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html (string)

}

]

sourceIdentifier : secure@intel.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-428 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object