Executive Summary

Informations
Name CVE-2018-5407 First vendor Publication 2018-11-15
Vendor Cve Last vendor Modification 2020-09-18

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Overall CVSS Score 4.7
Base Score 4.7 Environmental Score 4.7
impact SubScore 3.6 Temporal Score 4.7
Exploitabality Sub Score 1
 
Attack Vector Local Attack Complexity High
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact None Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 1.9 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-203 Information Exposure Through Discrepancy

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 574
Application 348
Application 1
Application 3
Application 3
Application 1
Application 14
Application 3
Application 12
Application 1
Application 210
Application 86
Os 4
Os 2
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1

Nessus® Vulnerability Scanner

Date Description
2019-01-02 Name : Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File : nessus_tns_2018_16.nasl - Type : ACT_GATHER_INFO
2019-01-02 Name : Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File : nessus_tns_2018_17.nasl - Type : ACT_GATHER_INFO
2018-12-28 Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1434.nasl - Type : ACT_GATHER_INFO
2018-12-28 Name : Node.js - JavaScript run-time environment is affected by multiple vulnerabili...
File : nodejs_2018_nov.nasl - Type : ACT_GATHER_INFO
2018-12-20 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4355.nasl - Type : ACT_GATHER_INFO
2018-12-10 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2a86f45afc3c11e8a41400155d006b02.nasl - Type : ACT_GATHER_INFO
2018-12-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4348.nasl - Type : ACT_GATHER_INFO
2018-11-23 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2018-325-01.nasl - Type : ACT_GATHER_INFO
2018-11-23 Name : The remote Debian host is missing a security update.
File : debian_DLA-1586.nasl - Type : ACT_GATHER_INFO
2018-11-13 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_6f170cf2e6b711e8a9a8b499baebfeaf.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/105897
CONFIRM https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
https://security.netapp.com/advisory/ntap-20181126-0001/
https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm...
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.tenable.com/security/tns-2018-16
https://www.tenable.com/security/tns-2018-17
DEBIAN https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
EXPLOIT-DB https://www.exploit-db.com/exploits/45785/
GENTOO https://security.gentoo.org/glsa/201903-10
MISC https://eprint.iacr.org/2018/1060.pdf
https://github.com/bbbrumley/portsmash
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
MLIST https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
N/A https://www.oracle.com/security-alerts/cpuapr2020.html
REDHAT https://access.redhat.com/errata/RHSA-2019:0483
https://access.redhat.com/errata/RHSA-2019:0651
https://access.redhat.com/errata/RHSA-2019:0652
https://access.redhat.com/errata/RHSA-2019:2125
https://access.redhat.com/errata/RHSA-2019:3929
https://access.redhat.com/errata/RHSA-2019:3931
https://access.redhat.com/errata/RHSA-2019:3932
https://access.redhat.com/errata/RHSA-2019:3933
https://access.redhat.com/errata/RHSA-2019:3935
UBUNTU https://usn.ubuntu.com/3840-1/

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Date Informations
2020-09-18 21:23:04
  • Multiple Updates
2020-05-23 02:16:55
  • Multiple Updates
2020-05-23 01:14:56
  • Multiple Updates
2019-07-29 21:19:56
  • Multiple Updates
2019-07-25 21:19:32
  • Multiple Updates
2019-07-24 05:19:21
  • Multiple Updates
2019-05-11 05:18:41
  • Multiple Updates
2019-04-24 21:19:43
  • Multiple Updates
2019-04-24 05:18:59
  • Multiple Updates
2019-04-24 00:18:56
  • Multiple Updates
2019-03-27 21:19:36
  • Multiple Updates
2019-03-27 00:19:09
  • Multiple Updates
2019-03-14 13:19:44
  • Multiple Updates
2019-03-05 21:19:22
  • Multiple Updates
2019-01-30 12:10:10
  • Multiple Updates
2019-01-17 21:19:21
  • Multiple Updates
2019-01-17 00:19:24
  • Multiple Updates
2018-12-21 17:19:15
  • Multiple Updates
2018-12-20 17:18:54
  • Multiple Updates
2018-12-19 21:19:42
  • Multiple Updates
2018-12-07 17:19:15
  • Multiple Updates
2018-12-01 17:19:01
  • Multiple Updates
2018-11-29 21:19:34
  • Multiple Updates
2018-11-27 17:20:19
  • Multiple Updates
2018-11-22 17:20:11
  • Multiple Updates
2018-11-16 17:19:09
  • Multiple Updates
2018-11-16 00:20:52
  • First insertion