CVE-2018-12179: Improper Access Control in Firmware Interface Development KIT

Severity: 7.8 HIGH (NVD)
EPSS: 0.1% (top 69.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 27
Latest update: May 13

Description

Improper configuration in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 2 packages

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-q4p4-w8wc-6x23: Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclos (2022-05-13)
CVEList
CVE-2018-12179: Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclos (2019-03-27)
OSV
CVE-2018-12179: Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclos (2019-03-27)

📋 Vendor Advisories (2)

Red Hat
edk2: improper configuration in system firmware leads to privilege escalation (2019-03-27)
Debian
CVE-2018-12179: edk2 - Improper configuration in system firmware for EDK II may allow unauthenticated u... (2018)

💬 Community (3)

Bugzilla
CVE-2018-12179 CVE-2018-12182 CVE-2018-12183 CVE-2019-0161 edk2: various flaws [fedora-all] (2019-03-29)
Bugzilla
CVE-2018-12179 edk2: improper configuration in system firmware leads to privilege escalation (2019-03-29)
Bugzilla
CVE-2018-12179 CVE-2018-12182 CVE-2018-12183 CVE-2019-0161 edk2: various flaws [epel-all] (2019-03-29)