Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0189 Intel SSD DC S4500/S4600 Series Advisory 10 July 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel Solid State Drives (SSD) for Data Centers (DC) S4500/S4600 Operating System: Firmware Impact/Access: Increased Privileges -- Console/Physical Resolution: Patch/Upgrade CVE Names: CVE-2018-18095 Member content until: Friday, August 9 2019 OVERVIEW Intel has discovered a vulnerability in Intel Solid State Drives (SSD) for Data Centers (DC) S4500/S4600 Series in firmware before SCV10150. [1] IMPACT Intel has provided the following information regarding the vulnerability: CVEID: CVE-2018-18095 Description: Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access. CVSS Base Score: 5.3 Medium CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N" [1] MITIGATION Intel recommends that users update to the latest version of firmware. [1] REFERENCES [1] Intel SSD DC S4500/S4600 Series Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00267.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXSU5HGaOgq3Tt24GAQimxw/+L/2VSw2mO4VdqLyJA4PurirLJ1PQCQZK PSPn+LkT2phS+guXYkBw/Dt6OdSbpgt5jrRy+0mDVxalSa8Q9X1oGo82TC9Hp+ZO wJ6xT/rfJS6hDmdZbOpfQGVeMeIefoLpqWy3DPUB0wH3DJmiQIzieCvtL8nlYlIJ 8j4+ZaVapKlhNNxk+SxmoYNkCYHj0NFvajA1fQZeKuBSNNt8Blramk+l8ZUf1biC Mg0IeK+GTajuFge3+7nVIS3SdKImCN4Eb2Kk0c8IYUND5/3pP7Zs3G9NBP601o6h mJ1NtlwbMHotSxLK1F2kNC55UoF7gU4t8Mw24fqVGnAvehDdy13mxkm4jzrVLzBS ROBN9w/Xmfn3AxDNmNbwKLAtwhM1ddKe0sVwkirX43W6sotkTqKQDWvR4ok6NUrA 3sElk5PgmVV22rUskbT2Hvjikz+iGGbcG0f57IYEszwA+PEPUNn9dU7PLXrTccTP QAaBnp5Cap4hUib1Z8FeEDthuuaBSHsI1rmfwr9idNPTSyvReCeFWpT0avU1Q/Gk sYaswKm571w+iYcrV7cHx06SS8h6L7maJ3f8v+nQ4N4iaiSZcqbWmC1PqSrRuvnw N+mAEP25hctYsnmLSHYNXCOb/9XdK73R9iWNWa3m/7BsI1ZpYYIH3Ti5Ar7BmBrR pGfXopFNX5w= =l2vd -----END PGP SIGNATURE-----