CVE-2018-5407
Description
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on port contention.
Risk Information
Base Score
4.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.643
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update VM VirtualBox 5.2.26 to latest version | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0734 are fixed in OpenSSL (x64) 1.0.2q | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0732,CVE-2018-0737 are fixed in OpenSSL (x64) 1.1.0i | Windows |
| Multiple vulnerabilities are fixed in Node.js (11.15.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js (x64)(11.15.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 10 (10.24.1) | Windows |
| Multiple vulnerabilities are fixed in Node.js 16 (x64) (16.15.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 16 (16.15.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 10 (x64) (10.24.1) | Windows |
| Multiple vulnerabilities are fixed in Node.js 8 8.14.0 | Windows |
| Multiple vulnerabilities are fixed in Node.js 8 (x64) 8.14.0 | Windows |
| Vulnerabilities CVE-2018-5407 are affected in Nessus Agent (x64) 8.1.0 | Windows |
| Vulnerabilities CVE-2018-5407 are affected in Nessus Agent 8.1.0 | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737 are fixed in Nessus 7.1.4 | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0734 are fixed in Nessus 8.1.1 | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737 are fixed in Tenable Nessus 7.1.4 | Windows |
| Vulnerabilities CVE-2018-5407,CVE-2018-0734 are fixed in Tenable Nessus 8.1.1 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 8.4 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.55 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.56 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 15.1 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 15.2 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 16.1 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 16.2 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 17.12 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 18.8 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.0 | Windows |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.1_1.1.1-1ubuntu2.1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.1_1.1.1-1ubuntu2.1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.1_1.1.0g-2ubuntu4.3_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.1_1.1.0g-2ubuntu4.3_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2n-1ubuntu5.2_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2n-1ubuntu5.2_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2n-1ubuntu6.1_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2n-1ubuntu6.1_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.1f-1ubuntu2.27_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.1f-1ubuntu2.27_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2g-1ubuntu4.14_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-3840-1) libssl1.0.0_1.0.2g-1ubuntu4.14_amd64.deb | Linux |
| openssl security update(DSA-4157-1) openssl_1.1.0j-1~deb9u1_i386.deb | Linux |
| openssl security update(DSA-4157-1) openssl_1.1.0j-1~deb9u1_amd64.deb | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl-devel-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl1_0_0-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl1_0_0-32bit-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl1_0_0-debuginfo-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssl-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssl-debuginfo-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Desktop 12-SP3 ) openssl-debugsource-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Server 12-SP3 ) libopenssl1_0_0-hmac-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Server 12-SP3 ) libopenssl1_0_0-hmac-32bit-1.0.2j-60.46.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3866-1(SUSE Linux Enterprise Server 12-SP3 ) openssl-doc-1.0.2j-60.46.1.noarch.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl-1_0_0-devel-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl1_0_0-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl1_0_0-32bit-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl1_0_0-debuginfo-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssl-1_0_0-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssl-1_0_0-debuginfo-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Desktop 12-SP4 ) openssl-1_0_0-debugsource-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Server 12-SP4 ) libopenssl1_0_0-hmac-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Server 12-SP4 ) libopenssl1_0_0-hmac-32bit-1.0.2p-3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3989-1(SUSE Linux Enterprise Server 12-SP4 ) openssl-1_0_0-doc-1.0.2p-3.3.1.noarch.rpm | Linux |
| SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) compat-openssl098-debugsource-0.9.8j-106.9.1.x86_64.rpm | Linux |
| SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-0.9.8j-106.9.1.x86_64.rpm | Linux |
| SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-32bit-0.9.8j-106.9.1.x86_64.rpm | Linux |
| SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-debuginfo-0.9.8j-106.9.1.x86_64.rpm | Linux |
| SUSE-SU-2018:4068-1(SUSE Linux Enterprise Desktop 12-SP3 ) libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.9.1.x86_64.rpm | Linux |
| (RHSA-2019:2125) ovmf security and enhancement update OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm | Linux |
| Openssl update (ELSA-2019-0483) openssl-1.0.2k-16.0.1.el7_6.1.x86_64.rpm | Linux |
| Openssl-devel update (ELSA-2019-0483) openssl-devel-1.0.2k-16.0.1.el7_6.1.x86_64.rpm | Linux |
| Openssl-libs update (ELSA-2019-0483) openssl-libs-1.0.2k-16.0.1.el7_6.1.x86_64.rpm | Linux |
| Openssl-perl update (ELSA-2019-0483) openssl-perl-1.0.2k-16.0.1.el7_6.1.x86_64.rpm | Linux |
| Openssl-static update (ELSA-2019-0483) openssl-static-1.0.2k-16.0.1.el7_6.1.x86_64.rpm | Linux |
| Openssl-devel update (ELSA-2019-0483) openssl-devel-1.0.2k-16.0.1.el7_6.1.i686.rpm | Linux |
| Openssl-libs update (ELSA-2019-0483) openssl-libs-1.0.2k-16.0.1.el7_6.1.i686.rpm | Linux |
| Openssl-static update (ELSA-2019-0483) openssl-static-1.0.2k-16.0.1.el7_6.1.i686.rpm | Linux |
| (CESA-2019:2125) ovmf security and enhancement update OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm | Linux |
| OVMF update (ELSA-2019-2125) OVMF-20180508-6.gitee3198e672e2.el7.noarch.rpm | Linux |
| Observable Discrepancy Vulnerability (CVE-2018-5407) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-342239 | Oracle VM VirtualBox (7.1.4) |
| PATCH-309917 | Node.js (11.15.0) |
| PATCH-309918 | Node.js (x64)(11.15.0) |
| PATCH-319042 | Node.js 10 (10.24.1) |
| PATCH-332182 | Node.js 16 (x64) (16.20.2) |
| PATCH-332181 | Node.js 16 (16.20.2) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
| PATCH-343100 | Nessus Agent (x64) (10.8.0) |
| PATCH-343099 | Nessus Agent (10.8.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234