CVE-2018-12155

Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://support.lenovo.com/us/en/solutions/LEN-25662
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html	Vendor Advisory
http://support.lenovo.com/us/en/solutions/LEN-25662
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:intel:integrated_performance_primitives::::::::
	cpe:2.3:a:intel:integrated_performance_primitives:2019:-::::::

History

21 Nov 2024, 03:44

Type	Values Removed	Values Added
References	~~() http://support.lenovo.com/us/en/solutions/LEN-25662 -~~	() http://support.lenovo.com/us/en/solutions/LEN-25662 -
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html - Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html - Vendor Advisory

Information

Published : 2018-12-05 21:29

Updated : 2024-11-21 03:44

NVD link : CVE-2018-12155

Mitre link : CVE-2018-12155

CVE.ORG link : CVE-2018-12155

JSON object : View

Products Affected

intel

integrated_performance_primitives

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2018-12155", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-12-05T21:29:00.467", "references": [{"url": "http://support.lenovo.com/us/en/solutions/LEN-25662", "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}, {"url": "http://support.lenovo.com/us/en/solutions/LEN-25662", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access."}, {"lang": "es", "value": "Filtrado de datos en las bibliotecas criptogr\u00e1ficas de Intel IPP en versiones anteriores a la 2019 update1 podr\u00edan permitir que un usuario autenticado habilite la divulgaci\u00f3n de informaci\u00f3n mediante acceso local."}], "lastModified": "2024-11-21T03:44:40.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:intel:integrated_performance_primitives:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E1A7F24-DDA8-48D2-BBBE-AF231E78FB08", "versionEndExcluding": "2019"}, {"criteria": "cpe:2.3:a:intel:integrated_performance_primitives:2019:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "231F4E62-83E7-414D-ADDB-1B1C90A7814B"}], "operator": "OR"}]}], "sourceIdentifier": "secure@intel.com"}

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2018-12155

5.5^/10

2.1^/10

Attach tags to `CVE-2018-12155`