INTEL-SA-00151 - Intel® Quartus Family of Tools Privilege Escalation Vulnerability Intel® Quartus Family of Tools Privilege Escalation Vulnerability Corporate Pages Security {"title":"INTEL-SA-00151"} Altera Security Advisory: INTEL-SA-00151 Product family: Intel® Quartus family of tools Impact of vulnerability: Escalation of Privilege Severity rating: Moderate Original release: 07/10/2018 Last revised: 05/06/2026 Summary: Unquoted service paths in the Intel® Quartus family of tools allows a local attacker to potentially execute arbitrary code. Description: The Joint Test Action Group (JTAG) server is vulnerable to replacement of required executables, which on reboot may be run with elevated privileges. Affected products: Quartus II v11.0 – 15.0 ( CVE-2018-3683 ) Quartus Prime v15.1 – 18.0 ( CVE-2018-3684 ) Intel Quartus II Programmer and Tools v11.0 – 15.0 ( CVE-2018-3687 ) Intel Quartus Prime Programmer and Tools v15.1 – 18.0 ( CVE-2018-3688 ) Recommendations: Intel recommends for the affected products listed in this report, to run the patch found here: https://community.altera.com/kb/knowledge-base/vulnerability-in-jtag-server-potentially-allows-a-local-attacker-to-execute-arbi/338944 Or install Quartus Prime release v18.1 or later (check availability here: https://www.altera.com/products/development-tools/quartus ), which already includes the update. Acknowledgements: Intel would like to thank SaifAllah benMassaoud for reporting this issue and working with us on coordinated disclosure. Revision Date Description 1.0 07/10/2018 Initial Release 1.1 10/10/2019 Acknowledgements update 1.2 05/06/2026 Transfer Advisory to Altera. CVE Name: CVE-2018-3683, CVE-2018-3684, CVE-2018-3687, CVE-2018-3688 Legal Notices and Disclaimers Altera provides these materials as-is, with no express or implied warranties. All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice. Altera products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request. Altera products that have met their End of Servicing Updates may no longer receive functional and security updates. Altera technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://www.altera.com. Some results may have been estimated or simulated using internal Altera analysis or architecture simulation or modeling and are provided for informational purposes only. Any differences in your system hardware, software, or configuration may affect your actual performance. © Altera Corporation. Altera, the Altera logo, and other Altera marks are trademarks of Altera Corporation in the United States and other countries. Other names and brands may be claimed as the property of others.