CVE-2018-12169

CWE-287 — Improper Authentication3 documents3 sources

Severity

7.6HIGH

EPSS

0.1%

top 82.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Core I3 Intel Core I5 Intel Core I7 +1 more

Timeline

PublishedSep 21

Latest updateMay 14

Description

Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.9 | Impact: 6.0

Affected Packages4 packages

▶NVDintel/core_i380 versions+79

▶NVDintel/core_i5123 versions+122

▶NVDintel/core_i7113 versions+112

▶NVDintel/core_i98950hk

🔴Vulnerability Details

GHSA

GHSA-7hjg-jw54-wcj9: Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Ge↗2022-05-14

▶

CVEList

CVE-2018-12169: Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Ge↗2018-09-21

▶