Local Code Execution Vulnerability in Intel Processor Diagnostic Tool
CVE-2018-3668

7.8HIGH

Key Information:

Vendor: Intel
Status: Intel Processor Diagnostic Tool
Vendor: CVE Published:; 10 July 2018

Summary

The Intel Processor Diagnostic Tool contains an issue due to unquoted service paths prior to version 4.1.0.27. This vulnerability may allow a local attacker to exploit the service path configuration and potentially execute arbitrary code on the affected system.

Affected Version(s)

Intel Processor Diagnostic Tool 4.1.0.24

References

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2018
Vulnerability Reserved
Dec 28, 2017