CVE-2018-12173
Severity Score
7.6
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.
Protección de acceso insuficiente en el firmware en Intel Server Board, Intel Server System e Intel Compute Module en versiones del firmware anteriores a la 00.01.0014 podría permitir que un atacante no autenticado pueda ejecutar código arbitrario, lo que resulta en una divulgación de información, escalado de privilegios y/o una denegación de servicio (DoS) mediante acceso local.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-06-11 CVE Reserved
- 2018-10-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://support.lenovo.com/us/en/solutions/LEN-24799 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Intel Search vendor "Intel" | Server Board S2600bp Firmware Search vendor "Intel" for product "Server Board S2600bp Firmware" | < 00.01.0014 Search vendor "Intel" for product "Server Board S2600bp Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Server Board S2600bp Search vendor "Intel" for product "Server Board S2600bp" | - | - |
Safe
|
| Intel Search vendor "Intel" | Server Board S2600wf Firmware Search vendor "Intel" for product "Server Board S2600wf Firmware" | < 00.01.0014 Search vendor "Intel" for product "Server Board S2600wf Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Server Board S2600wf Search vendor "Intel" for product "Server Board S2600wf" | - | - |
Safe
|
| Intel Search vendor "Intel" | Server Board S2600st Firmware Search vendor "Intel" for product "Server Board S2600st Firmware" | < 00.01.0014 Search vendor "Intel" for product "Server Board S2600st Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Server Board S2600st Search vendor "Intel" for product "Server Board S2600st" | - | - |
Safe
|
| Intel Search vendor "Intel" | Server Board S2600bpr Firmware Search vendor "Intel" for product "Server Board S2600bpr Firmware" | < 00.01.0014 Search vendor "Intel" for product "Server Board S2600bpr Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Server Board S2600bpr Search vendor "Intel" for product "Server Board S2600bpr" | - | - |
Safe
|
| Intel Search vendor "Intel" | Server Board S2600wfr Firmware Search vendor "Intel" for product "Server Board S2600wfr Firmware" | < 00.01.0014 Search vendor "Intel" for product "Server Board S2600wfr Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Server Board S2600wfr Search vendor "Intel" for product "Server Board S2600wfr" | - | - |
Safe
|
| Intel Search vendor "Intel" | Server Board S2600str Firmware Search vendor "Intel" for product "Server Board S2600str Firmware" | < 00.01.0014 Search vendor "Intel" for product "Server Board S2600str Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Server Board S2600str Search vendor "Intel" for product "Server Board S2600str" | - | - |
Safe
|
| Intel Search vendor "Intel" | Compute Module Hns2600bp Firmware Search vendor "Intel" for product "Compute Module Hns2600bp Firmware" | < 00.01.0014 Search vendor "Intel" for product "Compute Module Hns2600bp Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Compute Module Hns2600bp Search vendor "Intel" for product "Compute Module Hns2600bp" | - | - |
Safe
|
| Intel Search vendor "Intel" | Compute Module Hns2600bpr Firmware Search vendor "Intel" for product "Compute Module Hns2600bpr Firmware" | < 00.01.0014 Search vendor "Intel" for product "Compute Module Hns2600bpr Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Compute Module Hns2600bpr Search vendor "Intel" for product "Compute Module Hns2600bpr" | - | - |
Safe
|
| Intel Search vendor "Intel" | Server System R2000wf Firmware Search vendor "Intel" for product "Server System R2000wf Firmware" | < 00.01.0014 Search vendor "Intel" for product "Server System R2000wf Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Server System R2000wf Search vendor "Intel" for product "Server System R2000wf" | - | - |
Safe
|
| Intel Search vendor "Intel" | Server System R1000wf Firmware Search vendor "Intel" for product "Server System R1000wf Firmware" | < 00.01.0014 Search vendor "Intel" for product "Server System R1000wf Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Server System R1000wf Search vendor "Intel" for product "Server System R1000wf" | - | - |
Safe
|
| Intel Search vendor "Intel" | Server System R1000wfr Firmware Search vendor "Intel" for product "Server System R1000wfr Firmware" | < 00.01.0014 Search vendor "Intel" for product "Server System R1000wfr Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Server System R1000wfr Search vendor "Intel" for product "Server System R1000wfr" | - | - |
Safe
|
| Intel Search vendor "Intel" | Server System R2000wfr Firmware Search vendor "Intel" for product "Server System R2000wfr Firmware" | < 00.01.0014 Search vendor "Intel" for product "Server System R2000wfr Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Server System R2000wfr Search vendor "Intel" for product "Server System R2000wfr" | - | - |
Safe
|
| Intel Search vendor "Intel" | Server System H2000g Firmware Search vendor "Intel" for product "Server System H2000g Firmware" | < 00.01.0014 Search vendor "Intel" for product "Server System H2000g Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Server System H2000g Search vendor "Intel" for product "Server System H2000g" | - | - |
Safe
|
| Intel Search vendor "Intel" | Server System H2000gr Firmware Search vendor "Intel" for product "Server System H2000gr Firmware" | < 00.01.0014 Search vendor "Intel" for product "Server System H2000gr Firmware" and version " < 00.01.0014" | - |
Affected
| in | Intel Search vendor "Intel" | Server System H2000gr Search vendor "Intel" for product "Server System H2000gr" | - | - |
Safe
|