CVE-2018-12176

Published Sep 12, 2018

Last updated 5 years ago

CVSS high 8.2

Overview

Description: Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.
Source: secure@intel.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.2
Impact score: 6
Exploitability score: 1.5
Vector string: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:nuc_kit_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71AA56A6-EB26-4A62-83EC-6961BC24D4DA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_d33217gke:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "02BFB59F-D932-43E5-9A41-3AE3A9047DCE"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_d53427rke:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "412647D8-EA12-4EE6-A2D3-71DDFD963BF4"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_d54250wyb:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B8DB94BE-7F38-4029-954E-EFE1AC614798"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_de3815tybe:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F83FBC94-6D65-4A44-992D-2A5AECC59E49"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_dn2820fykh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "738AD9B2-1055-42D0-8D16-205340BE3BE7"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc5cpyh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4EB62714-4F2E-4980-9898-BBC4B06085F2"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc5i3myhe:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "97B8B238-D4DA-40A8-92CD-42B0EB6B1E2E"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc5i5myhe:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FB5226BE-680C-4915-AB23-EABC588DCC0B"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc5i7ryh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "03D56B57-D4CD-47E9-AE86-B1307D3609B7"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc5pgyh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E9ED06A8-FABF-431E-A5F4-F1B50E1F51B8"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc6cays:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5A261B82-5F54-4556-B1D1-53F0CFDF1830"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc6i5syh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3892CA36-86BF-4861-8C32-657212EABC92"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc6i7kyk:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5CC80B8F-D912-40D3-90AF-00DDF6A91AED"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "573F0989-6A34-4595-A298-EA1B88C61BD9"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7i3dnhe:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3143ABA5-9741-4CD2-AB9A-A7600EA6E32F"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7i5dnke:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2EF7E820-8567-4E9A-8247-5E1665FFF8BC"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7i7bnh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B0DE3105-8418-4CA3-80B0-5EE4E394D58F"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc7i7dnke:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5DFDFEB2-B10D-489E-B51C-10FA84E65858"
          },
          {
            "criteria": "cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "244CD6EC-780A-405E-8CFA-666A666FF7D5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:compute_card_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F811493-1AB4-47BC-B942-2E93A7349843"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:compute_card_cd1iv128mk:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CFEA643F-FE21-45B0-AC74-D87D7D864D10"
          },
          {
            "criteria": "cpe:2.3:h:intel:compute_card_cd1m3128mk:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1FA6131-F3C8-4B98-B4E8-C320C262F750"
          },
          {
            "criteria": "cpe:2.3:h:intel:compute_card_cd1p64gk:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5E3D93D1-5772-4806-9428-9AB26B32D210"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:intel:compute_stick_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "202B4308-A49D-487D-A04D-FE34235F61C5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:intel:compute_stick_stck1a32wfc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E453448C-AA11-48E3-8423-60E62A10D0CA"
          },
          {
            "criteria": "cpe:2.3:h:intel:compute_stick_stk1aw32sc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3A8B7517-4313-4DA8-953E-B36279157FC3"
          },
          {
            "criteria": "cpe:2.3:h:intel:compute_stick_stk2m3w64cc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B9A90BE5-6136-43A9-BC91-9474D3D0EEF6"
          },
          {
            "criteria": "cpe:2.3:h:intel:compute_stick_stk2mv64cc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6B0C9D80-37A3-43E5-B818-55532F613436"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References