Vulnerability-Lookup

CNVD-2018-15554

Vulnerability from cnvd - Published: 2018-08-17

Title

Intel Server Board、Compute Module和Server System拒绝服务漏洞

Description

Intel Server Board、Compute Module和Server System都是美国英特尔（Intel）公司的产品。Intel Server Board是一款服务器主板。Compute Module是一款计算模块。Server System是一款服务器阵列卡。 Intel Server Board、Intel Compute Module和Intel Server System中的BMC固件存在安全漏洞。攻击者可利用该漏洞对SMBUS执行写入和读取操作。

Severity

高

Patch Name

Intel Server Board、Compute Module和Server System拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00130.html

Reference

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00130.html

Impacted products

Name
['Intel Intel® Server Board', 'Intel Intel® Compute Module', 'Intel Intel® Server System']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-3682",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3682"
    }
  },
  "description": "Intel Server Board\u3001Compute Module\u548cServer System\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Server Board\u662f\u4e00\u6b3e\u670d\u52a1\u5668\u4e3b\u677f\u3002Compute Module\u662f\u4e00\u6b3e\u8ba1\u7b97\u6a21\u5757\u3002Server System\u662f\u4e00\u6b3e\u670d\u52a1\u5668\u9635\u5217\u5361\u3002\r\n\r\nIntel Server Board\u3001Intel Compute Module\u548cIntel Server System\u4e2d\u7684BMC\u56fa\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9SMBUS\u6267\u884c\u5199\u5165\u548c\u8bfb\u53d6\u64cd\u4f5c\u3002",
  "discovererName": "Intel",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00130.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-15554",
  "openTime": "2018-08-17",
  "patchDescription": "Intel Server Board\u3001Compute Module\u548cServer System\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Server Board\u662f\u4e00\u6b3e\u670d\u52a1\u5668\u4e3b\u677f\u3002Compute Module\u662f\u4e00\u6b3e\u8ba1\u7b97\u6a21\u5757\u3002Server System\u662f\u4e00\u6b3e\u670d\u52a1\u5668\u9635\u5217\u5361\u3002\r\n\r\nIntel Server Board\u3001Intel Compute Module\u548cIntel Server System\u4e2d\u7684BMC\u56fa\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9SMBUS\u6267\u884c\u5199\u5165\u548c\u8bfb\u53d6\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Server Board\u3001Compute Module\u548cServer System\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Intel Intel\u00ae Server Board",
      "Intel Intel\u00ae Compute Module",
      "Intel Intel\u00ae Server System"
    ]
  },
  "referenceLink": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00130.html",
  "serverity": "\u9ad8",
  "submitTime": "2018-07-26",
  "title": "Intel Server Board\u3001Compute Module\u548cServer System\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-3682 (GCVE-0-2018-3682)

Vulnerability from cvelistv5 – Published: 2018-07-10 21:00 – Updated: 2024-08-05 04:50

Summary

BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS.

Severity

No CVSS data available.

CWE

Denial of Service

Assigner

intel

References

1 reference

URL	Tags
https://www.intel.com/content/www/us/en/security-…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Intel Corporation	Intel Server Boards, Compute Modules and Systems	Affected: BMC Equipped

Date Public

2018-07-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00130.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel Server Boards, Compute Modules and Systems",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "BMC Equipped"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\\writes to the SMBUS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-10T20:57:01.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00130.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2018-3682",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel Server Boards, Compute Modules and Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "BMC Equipped"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\\writes to the SMBUS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00130.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00130.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3682",
    "datePublished": "2018-07-10T21:00:00.000Z",
    "dateReserved": "2017-12-28T00:00:00.000Z",
    "dateUpdated": "2024-08-05T04:50:30.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-15554

CVE-2018-3682 (GCVE-0-2018-3682)

Tags

Sightings

Nomenclature