CVE-2018-12173 Information

Description

Insufficient access protection in firmware in Intel Server Board Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure escalation of privilege and/or denial of service via local access.

CVSS Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Reference

http://support.lenovo.com/us/en/solutions/LEN-24799 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.6