CVE-2018-12173

Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
intelCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
intelserver_board_s2600bp_firmware
𝑥
< 00.01.0014
intelserver_board_s2600wf_firmware
𝑥
< 00.01.0014
intelserver_board_s2600st_firmware
𝑥
< 00.01.0014
intelserver_board_s2600bpr_firmware
𝑥
< 00.01.0014
intelserver_board_s2600wfr_firmware
𝑥
< 00.01.0014
intelserver_board_s2600str_firmware
𝑥
< 00.01.0014
intelcompute_module_hns2600bp_firmware
𝑥
< 00.01.0014
intelcompute_module_hns2600bpr_firmware
𝑥
< 00.01.0014
intelserver_system_r2000wf_firmware
𝑥
< 00.01.0014
intelserver_system_r1000wf_firmware
𝑥
< 00.01.0014
intelserver_system_r1000wfr_firmware
𝑥
< 00.01.0014
intelserver_system_r2000wfr_firmware
𝑥
< 00.01.0014
intelserver_system_h2000g_firmware
𝑥
< 00.01.0014
intelserver_system_h2000gr_firmware
𝑥
< 00.01.0014
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.lenovo.com/us/en/solutions/LEN-24799
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html
http://support.lenovo.com/us/en/solutions/LEN-24799
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html