Vulnerability Description
Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Xeon E3 | 1505m_v6 |
| Intel | Xeon E3 1220 V5 | - |
| Intel | Xeon E3 1220 V6 | - |
| Intel | Xeon E3 1225 V5 | - |
| Intel | Xeon E3 1225 V6 | - |
| Intel | Xeon E3 1230 V5 | - |
| Intel | Xeon E3 1230 V6 | - |
| Intel | Xeon E3 1235L V5 | - |
| Intel | Xeon E3 1240 V5 | - |
| Intel | Xeon E3 1240 V6 | - |
| Intel | Xeon E3 1240L V5 | - |
| Intel | Xeon E3 1245 V5 | - |
| Intel | Xeon E3 1245 V6 | - |
| Intel | Xeon E3 1260L V5 | - |
| Intel | Xeon E3 1268L V5 | - |
| Intel | Xeon E3 1270 V5 | - |
| Intel | Xeon E3 1270 V6 | - |
| Intel | Xeon E3 1275 V5 | - |
| Intel | Xeon E3 1275 V6 | - |
| Intel | Xeon E3 1280 V5 | - |
Related Weaknesses (CWE)
References
- https://security.netapp.com/advisory/ntap-20180802-0001/Third Party Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.MitigationVendor Advisory
- https://security.netapp.com/advisory/ntap-20180802-0001/Third Party Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.MitigationVendor Advisory
FAQ
What is CVE-2018-3652?
CVE-2018-3652 is a vulnerability with a CVSS score of 7.6 (HIGH). Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows...
How severe is CVE-2018-3652?
CVE-2018-3652 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-3652?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Xeon E3, Intel Xeon E3 1220 V5, Intel Xeon E3 1220 V6, Intel Xeon E3 1225 V5, Intel Xeon E3 1225 V6.