CVE-2018-12173
7.6
Vector
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 6.0
Source: NVD
Description
Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.
Affected (14)
Products: Intel: Server Board S2600bp Firmware, Server Board S2600wf Firmware, Server Board S2600st Firmware, Server Board S2600bpr Firmware, Server Board S2600wfr Firmware, Server Board S2600str Firmware, Compute Module Hns2600bp Firmware, Compute Module Hns2600bpr Firmware, Server System R2000wf Firmware, Server System R1000wf Firmware, Server System R1000wfr Firmware, Server System R2000wfr Firmware, Server System H2000g Firmware, Server System H2000gr Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board S2600bp | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board S2600wf | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board S2600st | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board S2600bpr | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board S2600wfr | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Server Board S2600str | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bp | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Compute Module Hns2600bpr | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System R2000wf | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System R1000wf | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System R1000wfr | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System R2000wfr | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System H2000g | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 00.01.0014 |
| Running on/with | Platform Versions |
|---|---|
Intel Server System H2000gr | All versions |
References (4)
Source: secure@intel.com
Source: secure@intel.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.