Strix
26.1K

CVE-2018-3635

HIGHCVSS 7.8/10EPSS 0.38%

Last modified

CVE-2018-3635 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access.. EPSS estimates a 0.38% chance of exploitation in the next 30 days.

Description

Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.38%

30.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
IntelRapid Storage Technology< 16.7

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-3635?
Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access.
How severe is CVE-2018-3635?
CVE-2018-3635 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.
How do I fix CVE-2018-3635?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-3635?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST