cbcvebase.
CVE-2018-12179
published 2019-03-27

CVE-2018-12179: Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure…

high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianedk2< edk2 0~20190606.20d2e5a1-2 (bookworm)edk2 0~20190606.20d2e5a1-2 (bookworm)
extensible_firmware_interface_development_kitextensible_firmware_interface_development_kit
tianocoreedk2>= 0 < 0~20190606.20d2e5a1-20~20190606.20d2e5a1-2
tianocoreedk2>= 0 < 0~20190606.20d2e5a1-20~20190606.20d2e5a1-2
tianocoreedk2>= 0 < 0~20190606.20d2e5a1-20~20190606.20d2e5a1-2
tianocoreedk2>= 0 < 0~20190606.20d2e5a1-20~20190606.20d2e5a1-2

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH