CVE-2018-12176 : Improper input validation in firmware for Intel NUC Kits may allow a privileged

Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.

Published 2018-09-12 19:29:02

Updated 2019-10-03 00:03:26

Source Intel Corporation

View at NVD, CVE.org

Vulnerability category: Input validationExecute codeDenial of serviceInformation leak

Products affected by CVE-2018-12176

Intel » Nuc Kit Firmware » Version: N/A
cpe:2.3:o:intel:nuc_kit_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Nuc Kit D33217gke » Version: N/A
When used together with: Intel » Nuc Kit D53427rke » Version: N/A
When used together with: Intel » Nuc Kit D54250wyb » Version: N/A
When used together with: Intel » Nuc Kit De3815tybe » Version: N/A
When used together with: Intel » Nuc Kit Dn2820fykh » Version: N/A
When used together with: Intel » Nuc Kit Nuc5cpyh » Version: N/A
When used together with: Intel » Nuc Kit Nuc5i3myhe » Version: N/A
When used together with: Intel » Nuc Kit Nuc5i5myhe » Version: N/A
When used together with: Intel » Nuc Kit Nuc5i7ryh » Version: N/A
When used together with: Intel » Nuc Kit Nuc5pgyh » Version: N/A
When used together with: Intel » Nuc Kit Nuc6cays » Version: N/A
When used together with: Intel » Nuc Kit Nuc6i5syh » Version: N/A
When used together with: Intel » Nuc Kit Nuc6i7kyk » Version: N/A
When used together with: Intel » Nuc Kit Nuc7cjyh » Version: N/A
When used together with: Intel » Nuc Kit Nuc7i3dnhe » Version: N/A
When used together with: Intel » Nuc Kit Nuc7i5dnke » Version: N/A
When used together with: Intel » Nuc Kit Nuc7i7bnh » Version: N/A
When used together with: Intel » Nuc Kit Nuc7i7dnke » Version: N/A
When used together with: Intel » Nuc Kit Nuc8i7hnk » Version: N/A
Intel » Compute Card Firmware » Version: N/A
cpe:2.3:o:intel:compute_card_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Compute Card Cd1iv128mk » Version: N/A
When used together with: Intel » Compute Card Cd1m3128mk » Version: N/A
When used together with: Intel » Compute Card Cd1p64gk » Version: N/A
Intel » Compute Stick Firmware » Version: N/A
cpe:2.3:o:intel:compute_stick_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Compute Stick Stck1a32wfc » Version: N/A
When used together with: Intel » Compute Stick Stk1aw32sc » Version: N/A
When used together with: Intel » Compute Stick Stk2m3w64cc » Version: N/A
When used together with: Intel » Compute Stick Stk2mv64cc » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2018-12176

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-12176

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.2	HIGH	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	1.5	6.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-12176

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-12176

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html

INTEL-SA-00176
Vendor Advisory

Jump to

Vulnerability Details : CVE-2018-12176

Products affected by CVE-2018-12176

Exploit prediction scoring system (EPSS) score for CVE-2018-12176

CVSS scores for CVE-2018-12176

CWE ids for CVE-2018-12176

References for CVE-2018-12176