CVE-2018-12173 — Incorrect Permission Assignment in Intel Compute Module Hns2600bp Firmware

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.6HIGHNVD

EPSS

0.0%

top 87.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Compute Module Hns2600bp Firmware Intel Compute Module Hns2600bpr Firmware Intel Server Board S2600bp Firmware +12 more

Timeline

PublishedOct 10

Latest updateMay 13

Description

Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.9 | Impact: 6.0

Affected Packages15 packages

▶NVDintel/server_board_s2600bp_firmware< 00.01.0014

▶NVDintel/server_board_s2600st_firmware< 00.01.0014

▶NVDintel/server_board_s2600wf_firmware< 00.01.0014

▶NVDintel/server_system_h2000g_firmware< 00.01.0014

▶NVDintel/server_board_s2600bpr_firmware< 00.01.0014

🔴Vulnerability Details

GHSA

GHSA-x4rx-5q6p-5972: Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00↗2022-05-13

▶

CVEList

CVE-2018-12173: Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00↗2018-10-10

▶