1. Home
  2. CVE Database
  3. CVE-2018-12173
HIGH · 7.6

CVE-2018-12173

Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially e...

Vulnerability Description

Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.

CVSS Score

7.6

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
IntelServer Board S2600Bp Firmware< 00.01.0014
IntelServer Board S2600Bp-
IntelServer Board S2600Wf Firmware< 00.01.0014
IntelServer Board S2600Wf-
IntelServer Board S2600St Firmware< 00.01.0014
IntelServer Board S2600St-
IntelServer Board S2600Bpr Firmware< 00.01.0014
IntelServer Board S2600Bpr-
IntelServer Board S2600Wfr Firmware< 00.01.0014
IntelServer Board S2600Wfr-
IntelServer Board S2600Str Firmware< 00.01.0014
IntelServer Board S2600Str-
IntelCompute Module Hns2600Bp Firmware< 00.01.0014
IntelCompute Module Hns2600Bp-
IntelCompute Module Hns2600Bpr Firmware< 00.01.0014
IntelCompute Module Hns2600Bpr-
IntelServer System R2000Wf Firmware< 00.01.0014
IntelServer System R2000Wf-
IntelServer System R1000Wf Firmware< 00.01.0014
IntelServer System R1000Wf-

Related Weaknesses (CWE)

CWE-732

References

FAQ

What is CVE-2018-12173?

CVE-2018-12173 is a vulnerability with a CVSS score of 7.6 (HIGH). Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially e...

How severe is CVE-2018-12173?

CVE-2018-12173 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-12173?

Check the references section above for vendor advisories and patch information. Affected products include: Intel Server Board S2600Bp Firmware, Intel Server Board S2600Bp, Intel Server Board S2600Wf Firmware, Intel Server Board S2600Wf, Intel Server Board S2600St Firmware.