Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.
References
Link | Resource |
---|---|
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.html | Mitigation Vendor Advisory |
https://security.netapp.com/advisory/ntap-20180802-0001/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2018-07-10 14:29
Updated : 2020-04-28 05:17
NVD link : CVE-2018-3652
Mitre link : CVE-2018-3652
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
intel
- xeon_e3_1505l_v5
- atom_c
- xeon_e3
- xeon_bronze_3106
- xeon_e3_1505m_v5
- xeon_e3_1225_v6
- xeon_e3_1225_v5
- xeon_e3_1505l_v6
- xeon_e3_1220_v5
- xeon_e3_1268l_v5
- xeon_e3_1275_v5
- xeon_e3_1245_v5
- xeon_e3_1230_v6
- xeon_e3_1245_v6
- xeon_gold
- xeon_e3_1220_v6
- xeon_e3_1275_v6
- xeon_e3_1280_v5
- xeon_e3_1240_v6
- xeon_e3_1230_v5
- xeon_silver
- xeon_e3_1280_v6
- xeon_e3_1260l_v5
- xeon_platinum
- xeon_bronze_3104
- xeon_e3_1240l_v5
- xeon_e3_1270_v6
- xeon_e3_1285_v6
- xeon_e3_1501l_v6
- xeon_e3_1235l_v5
- xeon_e3_1240_v5
- xeon
- xeon_e3_1270_v5
- xeon_e3_1501m_v6