CVE-2018-3652

Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
intelCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
intelxeon_e3_1220_v5
-
intelxeon_e3_1220_v6
-
intelxeon_e3_1225_v5
-
intelxeon_e3_1225_v6
-
intelxeon_e3_1230_v5
-
intelxeon_e3_1230_v6
-
intelxeon_e3_1235l_v5
-
intelxeon_e3_1240_v5
-
intelxeon_e3_1240_v6
-
intelxeon_e3_1240l_v5
-
intelxeon_e3_1245_v5
-
intelxeon_e3_1245_v6
-
intelxeon_e3_1260l_v5
-
intelxeon_e3_1268l_v5
-
intelxeon_e3_1270_v5
-
intelxeon_e3_1270_v6
-
intelxeon_e3_1275_v5
-
intelxeon_e3_1275_v6
-
intelxeon_e3_1280_v5
-
intelxeon_e3_1280_v6
-
intelxeon_e3_1285_v6
-
intelxeon_e3_1501l_v6
-
intelxeon_e3_1501m_v6
-
intelxeon_e3_1505l_v5
-
intelxeon_e3_1505l_v6
-
intelxeon_e3_1505m_v5
-
intelxeon_bronze_3104
-
intelxeon_bronze_3106
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.netapp.com/advisory/ntap-20180802-0001/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.html
https://security.netapp.com/advisory/ntap-20180802-0001/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.html