Vulnerability Description
Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Bios | ayaplcel.86a |
| Intel | Ayaplcel.86A | - |
| Intel | Bnkbl357.86A | - |
| Intel | Ccsklm30.86A | - |
| Intel | Ccsklm5V.86A | - |
| Intel | Dnkbli30.86A | - |
| Intel | Dnkbli5V.86A | - |
| Intel | Dnkbli7V.86A | - |
| Intel | Fybyt10H.86A | - |
| Intel | Gkaplcpx.86A | - |
| Intel | Kyskli70.86A | - |
| Intel | Mkkbli5V.86A | - |
| Intel | Mkkbly35.86A | - |
| Intel | Mybdwi30.86A | - |
| Intel | Mybdwi5V.86A | - |
| Intel | Rybdwi35.86A | - |
| Intel | Syskli35.86A | - |
| Intel | Tybyt10H.86A | - |
Related Weaknesses (CWE)
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.Vendor Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.Vendor Advisory
FAQ
What is CVE-2018-3612?
CVE-2018-3612 is a vulnerability with a CVSS score of 7.8 (HIGH). Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).
How severe is CVE-2018-3612?
CVE-2018-3612 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-3612?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Bios, Intel Ayaplcel.86A, Intel Bnkbl357.86A, Intel Ccsklm30.86A, Intel Ccsklm5V.86A.