{"id": "CVE-2018-12173", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.6, "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.9}]}, "published": "2018-10-10T18:29:04.373", "references": [{"url": "http://support.lenovo.com/us/en/solutions/LEN-24799", "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html", "tags": ["Vendor Advisory"], "source": "secure@intel.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access."}, {"lang": "es", "value": "Protecci\u00f3n de acceso insuficiente en el firmware en Intel Server Board, Intel Server System e Intel Compute Module en versiones del firmware anteriores a la 00.01.0014 podr\u00eda permitir que un atacante no autenticado pueda ejecutar c\u00f3digo arbitrario, lo que resulta en una divulgaci\u00f3n de informaci\u00f3n, escalado de privilegios y/o una denegaci\u00f3n de servicio (DoS) mediante acceso local."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_board_s2600bp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "905CC95F-AD91-4E3E-AAB3-7B89AD086BE4", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:server_board_s2600bp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2BA2B3A6-7582-437C-A7B5-D281A4B15F15"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_board_s2600wf_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BA33484-8E9F-4B53-9AA7-B33D1887F8F2", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:server_board_s2600wf:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "27A7EB6D-0BFC-4867-B50D-C1EA408454FC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_board_s2600st_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9484A074-D3BC-4B14-8573-E0DE3279E73B", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:server_board_s2600st:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "299A5554-98F1-412D-9E33-8FA8B483390E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_board_s2600bpr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1E49B55-1DAB-40DD-B2AF-98195BBDE601", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:server_board_s2600bpr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F50D8078-3202-4F46-A44F-5A7A91E9B294"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_board_s2600wfr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01C63945-350B-4F4E-AD4F-799D42BC744C", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:server_board_s2600wfr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "48309FCE-2450-4E62-88E7-C3555407B088"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_board_s2600str_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F2B5CE4-46DA-435F-9580-3E6D7FDDF691", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:server_board_s2600str:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8A25193-F15D-4192-AE92-E93C0EDD288A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:compute_module_hns2600bp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CC64012-7A4D-44D2-AD4B-70D45FAE3028", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:compute_module_hns2600bp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "802277D8-D0CC-4604-A503-9E3B5CAA3BCB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:compute_module_hns2600bpr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4454BCDD-59E2-4CE1-A28A-86406C2C0090", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:compute_module_hns2600bpr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "862E033C-2B69-4F46-8E58-DC3FDE0854DF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_system_r2000wf_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC911C85-6F09-4778-961D-C4267A60F93D", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:server_system_r2000wf:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0743F0A-5FFB-4A0C-8482-01921417D57D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_system_r1000wf_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69ED2E89-62FF-4E0E-9D49-E8337CD10083", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:server_system_r1000wf:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5947C52C-C9BD-4B56-9409-A367F2C51D23"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_system_r1000wfr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE4F791D-63CC-4909-9AB2-41DE0F9E826D", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:server_system_r1000wfr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2E8ECC5-0042-4E5D-8A68-4E118A324A65"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_system_r2000wfr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94477771-3A8B-498E-8300-C8C7476D7E52", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:server_system_r2000wfr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6F67DAC0-B63F-4681-ABAE-343A178A0FC0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_system_h2000g_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45E8CDC7-BC33-401A-8D57-DEFC0B1AE143", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:server_system_h2000g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D1F31E91-5C88-4F33-8236-BAE1342F75CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:server_system_h2000gr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7708BD30-0487-40D2-BEC0-5509D8454EF9", "versionEndExcluding": "00.01.0014"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:server_system_h2000gr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "26233260-62F9-47A5-B6ED-B10813966244"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@intel.com"}