Skip to main content

Incorrect Permission Assignment for Critical Resource

CVE-2018-12173

Severity High
Score 7.6/10

Summary

Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.

  • LOW
  • PHYSICAL
  • HIGH
  • CHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-732 - Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

Advisory Timeline

  • Published