CVE-2018-12173

Published Oct 10, 2018
Last updated 4 days ago
CVSS high 7.6
Overview

Description: Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.
Source: secure@intel.com
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 7.6
Impact score: 6
Exploitability score: 0.9
Vector string: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-732
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:server_board_s2600bp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "905CC95F-AD91-4E3E-AAB3-7B89AD086BE4",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:server_board_s2600bp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2BA2B3A6-7582-437C-A7B5-D281A4B15F15"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:server_board_s2600wf_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BA33484-8E9F-4B53-9AA7-B33D1887F8F2",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:server_board_s2600wf:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "27A7EB6D-0BFC-4867-B50D-C1EA408454FC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:server_board_s2600st_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9484A074-D3BC-4B14-8573-E0DE3279E73B",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:server_board_s2600st:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "299A5554-98F1-412D-9E33-8FA8B483390E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:server_board_s2600bpr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1E49B55-1DAB-40DD-B2AF-98195BBDE601",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:server_board_s2600bpr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F50D8078-3202-4F46-A44F-5A7A91E9B294"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:server_board_s2600wfr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01C63945-350B-4F4E-AD4F-799D42BC744C",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:server_board_s2600wfr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "48309FCE-2450-4E62-88E7-C3555407B088"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:server_board_s2600str_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F2B5CE4-46DA-435F-9580-3E6D7FDDF691",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:server_board_s2600str:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A8A25193-F15D-4192-AE92-E93C0EDD288A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:compute_module_hns2600bp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CC64012-7A4D-44D2-AD4B-70D45FAE3028",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:compute_module_hns2600bp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "802277D8-D0CC-4604-A503-9E3B5CAA3BCB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:compute_module_hns2600bpr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4454BCDD-59E2-4CE1-A28A-86406C2C0090",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:compute_module_hns2600bpr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "862E033C-2B69-4F46-8E58-DC3FDE0854DF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:server_system_r2000wf_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC911C85-6F09-4778-961D-C4267A60F93D",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:server_system_r2000wf:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B0743F0A-5FFB-4A0C-8482-01921417D57D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:server_system_r1000wf_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69ED2E89-62FF-4E0E-9D49-E8337CD10083",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:server_system_r1000wf:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5947C52C-C9BD-4B56-9409-A367F2C51D23"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:server_system_r1000wfr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE4F791D-63CC-4909-9AB2-41DE0F9E826D",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:server_system_r1000wfr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B2E8ECC5-0042-4E5D-8A68-4E118A324A65"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:server_system_r2000wfr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94477771-3A8B-498E-8300-C8C7476D7E52",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:server_system_r2000wfr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6F67DAC0-B63F-4681-ABAE-343A178A0FC0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:server_system_h2000g_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45E8CDC7-BC33-401A-8D57-DEFC0B1AE143",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:server_system_h2000g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D1F31E91-5C88-4F33-8236-BAE1342F75CF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:server_system_h2000gr_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7708BD30-0487-40D2-BEC0-5509D8454EF9",
            "versionEndExcluding": "00.01.0014"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:server_system_h2000gr:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26233260-62F9-47A5-B6ED-B10813966244"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
