CVE-2018-12209 : Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for

Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read device configuration information via local access.

Published 2019-03-14 20:29:01

Updated 2019-10-03 00:03:26

Source Intel Corporation

View at NVD, CVE.org

Products affected by CVE-2018-12209

Intel » Graphics Driver » Version: 15.36.26.4294 For Windows
cpe:2.3:a:intel:graphics_driver:15.36.26.4294:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.36.28.4332 For Windows
cpe:2.3:a:intel:graphics_driver:15.36.28.4332:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.36.31.4414 For Windows
cpe:2.3:a:intel:graphics_driver:15.36.31.4414:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.40.41.5058 For Windows
cpe:2.3:a:intel:graphics_driver:15.40.41.5058:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.45.18.4664 For Windows
cpe:2.3:a:intel:graphics_driver:15.45.18.4664:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 24.20.100.6194 For Windows
cpe:2.3:a:intel:graphics_driver:24.20.100.6194:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 24.20.100.6229 For Windows
cpe:2.3:a:intel:graphics_driver:24.20.100.6229:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.36.33.4578 For Windows
cpe:2.3:a:intel:graphics_driver:15.36.33.4578:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.36.34.4889 For Windows
cpe:2.3:a:intel:graphics_driver:15.36.34.4889:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.45.19.4678 For Windows
cpe:2.3:a:intel:graphics_driver:15.45.19.4678:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.45.21.4821 For Windows
cpe:2.3:a:intel:graphics_driver:15.45.21.4821:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 24.20.100.6286 For Windows
cpe:2.3:a:intel:graphics_driver:24.20.100.6286:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.33.45.4653 For Windows
cpe:2.3:a:intel:graphics_driver:15.33.45.4653:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.33.46.4885 For Windows
cpe:2.3:a:intel:graphics_driver:15.33.46.4885:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.40.37.4835 For Windows
cpe:2.3:a:intel:graphics_driver:15.40.37.4835:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.40.38.4963 For Windows
cpe:2.3:a:intel:graphics_driver:15.40.38.4963:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 24.20.100.6094 For Windows
cpe:2.3:a:intel:graphics_driver:24.20.100.6094:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 24.20.100.6136 For Windows
cpe:2.3:a:intel:graphics_driver:24.20.100.6136:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.33.43.4425 For Windows
cpe:2.3:a:intel:graphics_driver:15.33.43.4425:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.40.34.4624 For Windows
cpe:2.3:a:intel:graphics_driver:15.40.34.4624:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.40.36.4703 For Windows
cpe:2.3:a:intel:graphics_driver:15.40.36.4703:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 15.45.23.4860 For Windows
cpe:2.3:a:intel:graphics_driver:15.45.23.4860:*:*:*:*:windows:*:*
Matching versions
Intel » Graphics Driver » Version: 24.20.100.6025 For Windows
cpe:2.3:a:intel:graphics_driver:24.20.100.6025:*:*:*:*:windows:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-12209

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 26 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-12209

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
3.3	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	1.8	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2018-12209

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-12209

https://support.lenovo.com/us/en/product_security/LEN-25084

Intel Graphics Driver for Windows Vulnerabilities - US

CVEs referencing this url
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html

INTEL-SA-00189
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-12209

Products affected by CVE-2018-12209

Exploit prediction scoring system (EPSS) score for CVE-2018-12209

CVSS scores for CVE-2018-12209

CWE ids for CVE-2018-12209

References for CVE-2018-12209