Vulnerability Details : CVE-2018-3635
Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access.
Vulnerability category: Denial of service
Products affected by CVE-2018-3635
- cpe:2.3:a:intel:rapid_storage_technology:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-3635
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-3635
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-3635
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-3635
-
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00153.html
INTEL-SA-00153Vendor Advisory
-
http://seclists.org/fulldisclosure/2021/Mar/55
Full Disclosure: CVE-2018-3635 revisited: executable installers are vulnerable^WEVIL (case 60): again arbitrary code execution WITH escalation of privilege via Intel Rapid Storage Technology User InteMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/105984
Intel Rapid Storage Technology CVE-2018-3635 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to