CVE-2018-3682

Published: Jul 10, 2018Modified: Nov 21, 2024

8.2

Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.5 / Impact: 6.0

Source: NVD

Description

BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS.

Affected (1)

Products: Intel: Bmc Firmware

Intel

1 product

Bmc Firmware

Configuration A

1 vulnerable · 69 platform

Vulnerable Software	Affected Versions
Intel Bmc Firmware	All versions

Running on/with	Platform Versions
Intel Bbs2600bpb	All versions
Intel Bbs2600bpq	All versions
Intel Bbs2600bps	All versions
Intel Bbs2600stb	All versions
Intel Bbs2600stq	All versions
Intel Bbs7200ap	All versions
Intel Bbs7200apl	All versions
Intel Dbs2600cw2r	All versions
Intel Dbs2600cw2sr	All versions
Intel Dbs2600cwtr	All versions
Intel Dbs2600cwtsr	All versions
Intel Hns2600bpb	All versions
Intel Hns2600bpb24	All versions
Intel Hns2600bpblc	All versions
Intel Hns2600bpblc24	All versions
Intel Hns2600bpq	All versions
Intel Hns2600bpq24	All versions
Intel Hns2600bps	All versions
Intel Hns2600bps24	All versions
Intel Hns2600kpfr	All versions
Intel Hns2600kpr	All versions
Intel Hns2600tp24r	All versions
Intel Hns2600tp24sr	All versions
Intel Hns2600tp24str	All versions
Intel Hns2600tpfr	All versions
Intel Hns2600tpnr	All versions
Intel Hns2600tpr	All versions
Intel Hns7200ap	All versions
Intel Hns7200apl	All versions
Intel Hns7200apr	All versions
Intel Hns7200aprl	All versions
Intel R1208wftys	All versions
Intel R1208wt2gsr	All versions
Intel R1208wttgsr	All versions
Intel R1304wf0ys	All versions
Intel R1304wftys	All versions
Intel R1304wt2gsr	All versions
Intel R1304wttgsr	All versions
Intel R2208wf0zs	All versions
Intel R2208wfqzs	All versions
Intel R2208wftzs	All versions
Intel R2208wt2ysr	All versions
Intel R2208wttyc1r	All versions
Intel R2208wttysr	All versions
Intel R2224wfqzs	All versions
Intel R2224wftzs	All versions
Intel R2224wttysr	All versions
Intel R2308wftzs	All versions
Intel R2308wttysr	All versions
Intel R2312wf0np	All versions
Intel R2312wfqzs	All versions
Intel R2312wftzs	All versions
Intel R2312wttysr	All versions
Intel S2600kpfr	All versions
Intel S2600kpr	All versions
Intel S2600kptr	All versions
Intel S2600stb	All versions
Intel S2600stq	All versions
Intel S2600tpfr	All versions
Intel S2600tpnr	All versions
Intel S2600tpr	All versions
Intel S2600tptr	All versions
Intel S2600wfo	All versions
Intel S2600wfq	All versions
Intel S2600wft	All versions
Intel S2600wt2r	All versions
Intel S2600wttr	All versions
Intel S2600wtts1r	All versions
Intel S7200apr	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00130.html

Source: secure@intel.com

Vendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00130.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.