CVE-2018-3640

MEDIUM

Description

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

ID	Name	Product	Family	Severity
700519	macOS 10.14.x < 10.14.1 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
123443	openSUSE Security Update : ucode-intel (openSUSE-2019-622) (Foreshadow) (Spectre)	Nessus	SuSE Local Security Checks	medium
123215	openSUSE Security Update : ucode-intel (openSUSE-2019-510) (Spectre)	Nessus	SuSE Local Security Checks	medium
122975	Security Updates for Windows 10 / Windows Server 2016 / Windows Server 2019 (March 2019) (Spectre) (Meltdown) (Foreshadow)	Nessus	Windows : Microsoft Bulletins	medium
122974	Security Updates for Windows 10 / Windows Server 2019 (February 2019) (Spectre) (Meltdown) (Foreshadow)	Nessus	Windows : Microsoft Bulletins	medium
120080	SUSE SLED15 / SLES15 Security Update : Security update to ucode-intel (SUSE-SU-2018:2338-1) (Foreshadow) (Spectre)	Nessus	SuSE Local Security Checks	medium
120040	SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2018:1926-1) (Spectre)	Nessus	SuSE Local Security Checks	medium
118575	macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)	Nessus	MacOS X Local Security Checks	critical
118574	macOS 10.14.x < 10.14.1 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
118573	macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-005)	Nessus	MacOS X Local Security Checks	critical
118281	SUSE SLES12 Security Update : Security update to ucode-intel (SUSE-SU-2018:2331-2) (Foreshadow) (Spectre)	Nessus	SuSE Local Security Checks	medium
118274	SUSE SLES12 Security Update : Recommended update for ucode-intel (SUSE-SU-2018:1935-2) (Spectre)	Nessus	SuSE Local Security Checks	medium
117502	Debian DLA-1506-1 : intel-microcode security update (Foreshadow) (Spectre)	Nessus	Debian Local Security Checks	medium
112151	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Intel Microcode vulnerabilities (USN-3756-1) (Foreshadow) (Spectre)	Nessus	Ubuntu Local Security Checks	medium
112116	Security Updates for Windows 10 / Windows Server 2016 (August 2018) (Spectre) (Meltdown) (Foreshadow)	Nessus	Windows : Microsoft Bulletins	medium
112031	openSUSE Security Update : ucode-intel (openSUSE-2018-887) (Foreshadow) (Spectre)	Nessus	SuSE Local Security Checks	medium
111796	Debian DSA-4273-1 : intel-microcode - security update (Spectre)	Nessus	Debian Local Security Checks	medium
111783	SUSE SLES11 Security Update : Security update to ucode-intel (SUSE-SU-2018:2335-1) (Foreshadow) (Spectre)	Nessus	SuSE Local Security Checks	medium
111781	SUSE SLED12 / SLES12 Security Update : Security update to ucode-intel (SUSE-SU-2018:2331-1) (Foreshadow) (Spectre)	Nessus	SuSE Local Security Checks	medium
111373	SUSE SLES11 Security Update : microcode_ctl (SUSE-SU-2018:2076-1) (Spectre)	Nessus	SuSE Local Security Checks	medium
111359	Debian DLA-1446-1 : intel-microcode security update (Spectre)	Nessus	Debian Local Security Checks	medium
111051	SUSE SLED12 / SLES12 Security Update : Recommended update for ucode-intel (SUSE-SU-2018:1935-1) (Spectre)	Nessus	SuSE Local Security Checks	medium
110958	openSUSE Security Update : ucode-intel (openSUSE-2018-700) (Spectre)	Nessus	SuSE Local Security Checks	medium
110901	VMSA-2018-0012 : VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue (Spectre)	Nessus	VMware ESX Local Security Checks	medium

CVE-2018-3640

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

medium

medium

medium

medium

medium

medium

critical

high

critical

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium