CVE-2018-12172 — MEDIUM (5.5)

Vulnerability Description

Improper password hashing in firmware in Intel Server Board (S7200AP,S7200APR) and Intel Compute Module (HNS7200AP, HNS7200AP) may allow a privileged user to potentially disclose firmware passwords via local access.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Intel	S7200Ap Firmware	r01.03.0018
Intel	S7200Ap	-
Intel	Hns7200Ap Firmware	r01.03.0018
Intel	Hns7200Ap	-
Intel	S7200Apr Firmware	r01.03.0018
Intel	S7200Apr	-
Intel	Hns7200Apr Firmware	r01.03.0018
Intel	Hns7200Apr	-

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00138.Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00138.Vendor Advisory

FAQ

What is CVE-2018-12172?

CVE-2018-12172 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Improper password hashing in firmware in Intel Server Board (S7200AP,S7200APR) and Intel Compute Module (HNS7200AP, HNS7200AP) may allow a privileged user to potentially disclose firmware passwords vi...

How severe is CVE-2018-12172?

CVE-2018-12172 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-12172?

Check the references section above for vendor advisories and patch information. Affected products include: Intel S7200Ap Firmware, Intel S7200Ap, Intel Hns7200Ap Firmware, Intel Hns7200Ap, Intel S7200Apr Firmware.