CVE-2018-3649

DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00126.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:dual_band_wireless-ac_3160:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_3160:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:dual_band_wireless-ac_7260:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_7260:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:dual_band_wireless-n_7260:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-n_7260:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:wireless-n_7260:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wireless-n_7260:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:dual_band_wireless-ac_7260:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_7260:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:intel:dual_band_wireless-ac_7265:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_7265:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:intel:dual_band_wireless-n_7265:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-n_7265:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:intel:wireless-n_7265:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wireless-n_7265:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:intel:dual_band_wireless-ac_3165:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_3165:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:intel:dual_band_wireless-ac_7265:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_7265:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:intel:dual_band_wireless-n_7265:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-n_7265:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:intel:wireless-n_7265:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wireless-n_7265:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:intel:dual_band_wireless-ac_3168:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_3168:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:intel:tri-band_wireless-ac_17265:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:tri-band_wireless-ac_17265:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:intel:dual_band_wireless-ac_8260:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_8260:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:intel:tri-band_wireless-ac_18260:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:tri-band_wireless-ac_18260:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:intel:dual_band_wireless-ac_8265:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dual_band_wireless-ac_8265:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:intel:tri-band_wireless-ac_18265:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:tri-band_wireless-ac_18265:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:intel:wireless-ac_9260:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wireless-ac_9260:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:intel:wireless-ac_9560:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wireless-ac_9560:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:intel:wireless-ac_9461:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wireless-ac_9461:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:intel:wireless-ac_9462:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:wireless-ac_9462:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-05-10 22:29

Updated : 2023-12-10 12:30

NVD link : CVE-2018-3649

Mitre link : CVE-2018-3649

CVE.ORG link : CVE-2018-3649

JSON object : View

Products Affected

intel

tri-band_wireless-ac_18265
dual_band_wireless-ac_7260
wireless-n_7260
wireless-ac_9461
dual_band_wireless-ac_3160
tri-band_wireless-ac_17265
dual_band_wireless-ac_8265
wireless-ac_9462
dual_band_wireless-n_7260
dual_band_wireless-ac_7265
tri-band_wireless-ac_18260
dual_band_wireless-ac_8260
wireless-ac_9260
dual_band_wireless-ac_3165
dual_band_wireless-n_7265
dual_band_wireless-ac_3168
wireless-ac_9560
wireless-n_7265

CWE

CWE-427

Uncontrolled Search Path Element

7.8 /10