CVE-2018-12160

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access.

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.6 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:intel:data_migration_software:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-09-12 19:29

Updated : 2024-02-04 20:03

NVD link : CVE-2018-12160

Mitre link : CVE-2018-12160

CVE.ORG link : CVE-2018-12160

JSON object : View

Products Affected

intel

data_migration_software

CWE

CWE-276

Incorrect Default Permissions

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2018-12160", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}]}, "published": "2018-09-12T19:29:01.323", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}, {"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de DLL en el instalador de software para Intel Data Center Migration Center Software, en versiones 3.1 y anteriores, podr\u00eda permitir que un usuario autenticado ejecute c\u00f3digo utilizando permisos de directorio por defecto mediante acceso local."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:data_migration_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CE4EEC9-7948-46DD-BE22-8292E76B20FD", "versionEndIncluding": "3.1"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}