CVE-2018-3652
7.6
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 0.9 / Impact: 6.0
Source: NVD
Description
Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.
Affected (164)
Products: Intel: Xeon E3, Xeon E3 1220 V5, Xeon E3 1220 V6, Xeon E3 1225 V5, Xeon E3 1225 V6, Xeon E3 1230 V5, Xeon E3 1230 V6, Xeon E3 1235l V5, Xeon E3 1240 V5, Xeon E3 1240 V6, Xeon E3 1240l V5, Xeon E3 1245 V5, Xeon E3 1245 V6, Xeon E3 1260l V5, Xeon E3 1268l V5, Xeon E3 1270 V5, Xeon E3 1270 V6, Xeon E3 1275 V5, Xeon E3 1275 V6, Xeon E3 1280 V5, Xeon E3 1280 V6, Xeon E3 1285 V6, Xeon E3 1501l V6, Xeon E3 1501m V6, Xeon E3 1505l V5, Xeon E3 1505l V6, Xeon E3 1505m V5, Xeon Bronze 3104, Xeon Bronze 3106, Xeon Gold, Xeon Platinum, Xeon Silver, Xeon, Atom C
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1505m_v6 | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| Version 5115 | |
| Version 8153 | |
| Version 4108 |
References (4)
Source: secure@intel.com
Third Party Advisory
Source: secure@intel.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Timeline
No history available yet.