CVE-2018-3615
high-risk
Published 2018-08-14
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
Do I need to act?
~
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.4/10
Medium
LOCAL
/ HIGH complexity
Affected Products (20)
Affected Vendors
References (34)
Third Party Advisory
http://support.lenovo.com/us/en/solutions/LEN-24163
Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
Third Party Advisory
http://www.securityfocus.com/bid/105080
Third Party Advisory
http://www.securitytracker.com/id/1041451
Technical Description
https://foreshadowattack.eu/
Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008
Third Party Advisory
https://security.netapp.com/advisory/ntap-20180815-0001/
Third Party Advisory
https://support.f5.com/csp/article/K35558453
Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe...
Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...
Third Party Advisory
https://www.kb.cert.org/vuls/id/982149
Third Party Advisory
https://www.synology.com/support/security/Synology_SA_18_45
Third Party Advisory
http://support.lenovo.com/us/en/solutions/LEN-24163
Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en
Third Party Advisory
http://www.securityfocus.com/bid/105080
and 14 more references
53
/ 100
high-risk
Severity
17/34 · Moderate
Exploitability
4/34 · Minimal
Exposure
32/34 · Critical