CVE-2018-12176

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2018-12176
Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.

8.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:intel:nuc_kit_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:intel:nuc_kit_nuc7i7bnh:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_de3815tybe:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc6i7kyk:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc5i3myhe:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_d54250wyb:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc6cays:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc6i5syh:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_dn2820fykh:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_d53427rke:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc5pgyh:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc5cpyh:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc7i5dnke:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc7i3dnhe:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc5i7ryh:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc5i5myhe:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_d33217gke:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc7i7dnke:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc8i7hnk:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:intel:compute_card_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:intel:compute_card_cd1iv128mk:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:compute_card_cd1p64gk:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:compute_card_cd1m3128mk:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:intel:compute_stick_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:intel:compute_stick_stk1aw32sc:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:compute_stick_stk2m3w64cc:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:compute_stick_stck1a32wfc:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:compute_stick_stk2mv64cc:-:*:*:*:*:*:*:*
Information

Published : 2018-09-12 12:29

Updated : 2019-10-02 17:03

NVD link : CVE-2018-12176

Mitre link : CVE-2018-12176

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

intel

  • compute_stick_firmware
  • nuc_kit_nuc7cjyh
  • compute_card_firmware
  • nuc_kit_nuc5pgyh
  • nuc_kit_nuc7i5dnke
  • nuc_kit_d33217gke
  • nuc_kit_dn2820fykh
  • nuc_kit_nuc7i7dnke
  • compute_stick_stck1a32wfc
  • nuc_kit_nuc5i7ryh
  • compute_stick_stk2mv64cc
  • nuc_kit_nuc6i7kyk
  • compute_card_cd1p64gk
  • nuc_kit_nuc7i3dnhe
  • nuc_kit_nuc5i3myhe
  • nuc_kit_de3815tybe
  • compute_card_cd1iv128mk
  • compute_card_cd1m3128mk
  • nuc_kit_nuc6i5syh
  • nuc_kit_nuc7i7bnh
  • nuc_kit_nuc5i5myhe
  • nuc_kit_nuc6cays
  • nuc_kit_nuc8i7hnk
  • compute_stick_stk2m3w64cc
  • nuc_kit_d53427rke
  • nuc_kit_firmware
  • nuc_kit_d54250wyb
  • compute_stick_stk1aw32sc
  • nuc_kit_nuc5cpyh