Published: 10/01/2019 Updated: 03/10/2019

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3

VMScore: 392

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows prior to 2.2.100 may allow an escalation of privilege via local access.

Vulnerable Product	Search on Vulmon	Subscribe to Product
intel sgx_platform_software
intel sgx_sdk

Intel's Software Guard caught asleep at its post: Patch out now for SGX give-me-admin hole

The Register • Shaun Nichols in San Francisco • 14 Jan 2019

Chipzilla adds to Windows IT admins security update load

While admins were busy wrangling with the mass of security patches from Microsoft, Adobe, and SAP last week, Intel slipped out a fix for a potentially serious flaw in its Software Guard Extensions (SGX) technology. Chipzilla's January 8 update addresses CVE-2018-18098, an issue Intel describes as an "improper file verification" that can be exploited on Windows machines to escalate privileges. In effect, the security blunder can be leveraged by malware running on a system, or rogue logged-in user...

CVE-2018-18098

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect