#VU16991 Privilege escalation in Intel products - CVE-2018-18098
Published: January 15, 2019
Vulnerability identifier: #VU16991
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-18098
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel SGX Platform Software for Linux
Intel SGX Platform Software for Windows
Intel SGX SDK for Linux
Intel SGX SDK for Windows
Intel SGX Platform Software for Linux
Intel SGX Platform Software for Windows
Intel SGX SDK for Linux
Intel SGX SDK for Windows
Software vendor:
Intel
Intel
Description
The vulnerability allows a local attacker to gain elevated privileges.
The weakness exists due to improper file verification in install routine. A local attacker can supply a specially crafted and gain elevated privileges to conduct further attacks.
The weakness exists due to improper file verification in install routine. A local attacker can supply a specially crafted and gain elevated privileges to conduct further attacks.
Remediation
Update Intel SGX for Windows to version 2.2.100.
Update Intel SGX for Linux to version 2.4.100.
Update Intel SGX for Linux to version 2.4.100.