![]() ![]() Upgrading to version 5.0.4.43v2 eliminates this vulnerability. The commercial vulnerability scanner Qualys is able to test this issue with plugin 371657 (Intel USB 3.0 eXtensible Host Controller Driver Local Code Injection Vulnerability(INTEL-SA-00200)). During that time the estimated underground price was around $5k-$25k. The vulnerability was handled as a non-public zero-day exploit for at least 6 days. This vulnerability is assigned to T1059 by the MITRE ATT&CK project. ![]() ![]() The technical details are unknown and an exploit is not available. The successful exploitation requires a simple authentication. Local access is required to approach this attack. This vulnerability is handled as CVE-2018-3700 since. CVE summarizes:Ĭode injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access. Impacted is confidentiality, integrity, and availability. The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Using CWE to declare the problem leads to CWE-94. The manipulation with an unknown input leads to a privilege escalation vulnerability. Affected by this issue is an unknown function of the component Installer. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability, which was classified as problematic, has been found in Intel USB 3.0 eXtensible Host Controller Driver on Win7 ( Hardware Driver Software). The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |