Summary:
CVE-2018-3641: Escalation of privilege in all versions of the Intel® Remote Keyboard allows a network attacker to inject keystrokes as a local user.
• 9.0 Critical CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2018-3645: Escalation of privilege in all versions of the Intel® Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session.
• 8.8 High CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2018-3638: Escalation of privilege in all versions of the Intel® Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user.
• 7.2 High CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Description:
CVE-2018-3641: Escalation of privilege in all versions of the Intel® Remote Keyboard allows a network attacker to inject keystrokes as a local user.
• 9.0 Critical CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2018-3645: Escalation of privilege in all versions of the Intel® Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session.
• 8.8 High CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2018-3638: Escalation of privilege in all versions of the Intel® Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user.
• 7.2 High CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Affected products:
All versions of the Intel® Remote Keyboard
Recommendations:
Intel has issued a Product Discontinuation notice for Intel® Remote Keyboard and recommends that users of the Intel® Remote Keyboard uninstall it at their earliest convenience.
Acknowledgements:
CVE-2018-3641: Intel would like to thank @trotmaster99 for reporting this issue and working with us on coordinated disclosure.
CVE-2018-3645: Intel would like to thank Mark Barnes for reporting this issue and working with us on coordinated disclosure.
CVE-2018-3638: Intel would like to thank Marius Gabriel Mihai for reporting this issue and working with us on coordinated disclosure.