CVE-2018-12173

HIGH

Intel Server Board S2600bp Firmware < 00.01.0014 - Incorrect Permission Assignment

Title source: rule

Description

Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html

Various Sources x_refsource_confirm

http://support.lenovo.com/us/en/solutions/LEN-24799

Scores

CVSS v3 7.6

EPSS 0.0004

EPSS Percentile 12.5%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (14)

intel/compute_module_hns2600bp_firmware < 00.01.0014

intel/compute_module_hns2600bpr_firmware < 00.01.0014

intel/server_board_s2600bp_firmware < 00.01.0014

intel/server_board_s2600bpr_firmware < 00.01.0014

intel/server_board_s2600st_firmware < 00.01.0014

intel/server_board_s2600str_firmware < 00.01.0014

intel/server_board_s2600wf_firmware < 00.01.0014

intel/server_board_s2600wfr_firmware < 00.01.0014

intel/server_system_h2000g_firmware < 00.01.0014

intel/server_system_h2000gr_firmware < 00.01.0014

... and 4 more

Published Oct 10, 2018

Tracked Since Feb 18, 2026