Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00122
HistoryApr 03, 2018 - 12:00 a.m.

Intel® Remote Keyboard Unauthenticated Keystroke Injection

2018-04-0300:00:00
Intel Security Center
www.intel.com
9

0.002 Low

EPSS

Percentile

59.5%

JSON

Summary:

CVE-2018-3641: Escalation of privilege in all versions of the Intel® Remote Keyboard allows a network attacker to inject keystrokes as a local user.

• 9.0 Critical CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2018-3645: Escalation of privilege in all versions of the Intel® Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session.

• 8.8 High CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2018-3638: Escalation of privilege in all versions of the Intel® Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user.

• 7.2 High CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Description:

CVE-2018-3641: Escalation of privilege in all versions of the Intel® Remote Keyboard allows a network attacker to inject keystrokes as a local user.

• 9.0 Critical CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2018-3645: Escalation of privilege in all versions of the Intel® Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session.

• 8.8 High CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2018-3638: Escalation of privilege in all versions of the Intel® Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user.

• 7.2 High CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Affected products:

All versions of the Intel® Remote Keyboard

Recommendations:

Intel has issued a Product Discontinuation notice for Intel® Remote Keyboard and recommends that users of the Intel® Remote Keyboard uninstall it at their earliest convenience.

Acknowledgements:

CVE-2018-3641: Intel would like to thank @trotmaster99 for reporting this issue and working with us on coordinated disclosure.

CVE-2018-3645: Intel would like to thank Mark Barnes for reporting this issue and working with us on coordinated disclosure.

CVE-2018-3638: Intel would like to thank Marius Gabriel Mihai for reporting this issue and working with us on coordinated disclosure.

Related

threatpost 1
cvelist 3
prion 3
cve 3
nvd 3
threatpost
threatpost
Intel Tells Remote Keyboard Users to Delete App After Critical Bug Found
2018-04-04 19:36:53
cvelist
cvelist
CVE-2018-3645
2018-04-03 00:00:00
CVE-2018-3638
2018-04-03 00:00:00
CVE-2018-3641
2018-04-03 00:00:00
prion
prion
Session fixation
2018-04-03 21:29:00
Privilege escalation
2018-04-03 21:29:00
Privilege escalation
2018-04-03 21:29:00
cve
cve
CVE-2018-3645
2018-04-03 21:29:00
CVE-2018-3638
2018-04-03 21:29:00
CVE-2018-3641
2018-04-03 21:29:00
nvd
nvd
CVE-2018-3645
2018-04-03 21:29:00
CVE-2018-3638
2018-04-03 21:29:00
CVE-2018-3641
2018-04-03 21:29:00

0.002 Low

EPSS

Percentile

59.5%

JSON
Related for INTEL:INTEL-SA-00122
threatpost1cvelist3prion3cve3nvd3