CVE-2018-3652

CWE-200 — Information Exposure3 documents3 sources

Severity

7.6HIGH

EPSS

0.1%

top 65.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Corporation Intel Xeon Processor Intel Atom C Intel Xeon +4 more

Timeline

PublishedJul 10

Latest updateMay 13

Description

Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 0.9 | Impact: 6.0

Affected Packages7 packages

▶CVEListV5intel_corporation/intel_xeon_processor5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family

▶NVDintel/xeon35 versions+34

▶NVDintel/xeon_e311 versions+10

▶NVDintel/xeon_gold33 versions+32

▶NVDintel/xeon_silver8 versions+7

🔴Vulnerability Details

GHSA

GHSA-jh7f-g95c-2jp7: Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable pr↗2022-05-13

▶

CVEList

CVE-2018-3652: Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable pr↗2018-07-10

▶