CVE-2018-18098

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.3HIGH

EPSS

0.0%

top 84.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel SGX Platform Software Intel SGX SDK Intel Corporation Intel(r) SGX SDK AND Platform Software FOR Windows

Timeline

PublishedJan 10

Latest updateMay 13

Description

Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5intel_corporation/intel(r)_sgx_sdk_and_platform_software_for_windowsbefore 2.2.100.

▶NVDintel/sgx_platform_software< 2.2.100

▶NVDintel/sgx_sdk< 2.2.100

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-j74m-28jp-478w: Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2↗2022-05-13

▶

CVEList

CVE-2018-18098: Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2↗2019-01-10

▶