Improper File Verification in Intel SGX SDK and Platform Software for Windows
CVE-2018-18098

7.3HIGH

Key Information:

Vendor: Intel
Status: Intel(r) Sgx Sdk And Platform Software For Windows
Vendor: CVE Published:; 10 January 2019

What is CVE-2018-18098?

An improper file verification vulnerability in the install routine of Intel SGX SDK and Platform Software for Windows prior to version 2.2.100 may allow an attacker with local access to exploit this flaw, potentially leading to privilege escalation and unauthorized access to system resources.

Affected Version(s)

Intel(R) SGX SDK and Platform Software for Windows before 2.2.100.

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2019
Vulnerability Reserved
Oct 9, 2018