Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool. An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine.
Updates are available for download at this location:
Intel ID: | INTEL-SA-00267 |
---|---|
Summary:
A potential security vulnerability in Intel® Solid State Drives (SSD) for Data Centers (DC) S4500/S4600 Series firmware may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability.
Vulnerability Details:
CVEID: CVE-2018-18095
Description: Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Affected Products:
Intel® SSD DC S4500 Series firmware before SCV10150.
Intel® SSD DC S4600 Series firmware before SCV10150.
Recommendations:
Intel recommends updating Intel® SSD DC S4500 Series and Intel® SSD DC S4600 Series firmware to SCV10150 or later.
Updates are available for download at this location:
Acknowledgements:
This issue was found internally by Intel.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
Comments
Post a Comment