A potential security vulnerability in the INTEL-SA-00086 Detection Tool may allow a privileged user to execute arbitrary code. Intel is releasing INTEL-SA-00086 Detection Tool updates to mitigate this potential vulnerability.
CVEID:** **CVE-2018-3686
Description: Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access.
CVSS Base Score:** **5.8 Medium
CVSS Vector:** **CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H
Intel-SA-00086 Detection Tool versions prior to 1.2.7.0
Intel recommends that users of Intelยฎ Intel-SA-00086 Detection Tool** **update to 1.2.7.0 or later.
Updates are available for download at this location:
<https://downloadcenter.intel.com/download/28632?v=t>
Intel would like to thank Marius Gabriel Mihai for reporting this issue and working with Intel Corporation on coordinated public disclosure.