-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0189
                 Intel SSD DC S4500/S4600 Series Advisory
                               10 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel Solid State Drives (SSD) for Data Centers (DC) S4500/S4600
Operating System:     Firmware
Impact/Access:        Increased Privileges -- Console/Physical
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-18095  
Member content until: Friday, August  9 2019

OVERVIEW

        Intel has discovered a vulnerability in Intel Solid State Drives 
        (SSD) for Data Centers (DC) S4500/S4600 Series in firmware before 
        SCV10150. [1]


IMPACT

        Intel has provided the following information regarding the 
        vulnerability:
        
        CVEID: CVE-2018-18095
        
        Description: Improper authentication in firmware for Intel(R) SSD DC
        S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may 
        allow an unprivileged user to potentially enable escalation of 
        privilege via physical access.
        
        CVSS Base Score: 5.3 Medium
        
        CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N [1]


MITIGATION

        Intel recommends that users update to the latest version of firmware. 
        [1]


REFERENCES

        [1] Intel SSD DC S4500/S4600 Series Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00267.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----