CVE-2018-12172 - OpenCVE

Improper password hashing in firmware in Intel Server Board (S7200AP,S7200APR) and Intel Compute Module (HNS7200AP, HNS7200AP) may allow a privileged user to potentially disclose firmware passwords via local access.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Hns7200ap Hns7200ap Firmware Hns7200apr Hns7200apr Firmware S7200ap S7200ap Firmware S7200apr S7200apr Firmware

Configuration 1 [-]

AND

cpe:2.3:h:intel:s7200ap:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:s7200ap_firmware:r01.03.0018:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:intel:hns7200ap:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:hns7200ap_firmware:r01.03.0018:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:intel:s7200apr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:s7200apr_firmware:r01.03.0018:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:intel:hns7200apr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:hns7200apr_firmware:r01.03.0018:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00138.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2018-10-10T18:00:00Z

Updated: 2024-09-16T21:07:39.400Z

Reserved: 2018-06-11T00:00:00

Link: CVE-2018-12172

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-10-10T18:29:04.280

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-12172

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Intel Server Board", "vendor": "Intel Corporation", "versions": [{"status": "affected", "version": "Various"}]}], "datePublic": "2018-10-09T00:00:00", "descriptions": [{"lang": "en", "value": "Improper password hashing in firmware in Intel Server Board (S7200AP,S7200APR) and Intel Compute Module (HNS7200AP, HNS7200AP) may allow a privileged user to potentially disclose firmware passwords via local access."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T17:57:01", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00138.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "DATE_PUBLIC": "2018-10-09T00:00:00", "ID": "CVE-2018-12172", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel Server Board", "version": {"version_data": [{"version_value": "Various"}]}}]}, "vendor_name": "Intel Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper password hashing in firmware in Intel Server Board (S7200AP,S7200APR) and Intel Compute Module (HNS7200AP, HNS7200AP) may allow a privileged user to potentially disclose firmware passwords via local access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00138.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00138.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:30:59.833Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00138.html"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2018-12172", "datePublished": "2018-10-10T18:00:00Z", "dateReserved": "2018-06-11T00:00:00", "dateUpdated": "2024-09-16T21:07:39.400Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:intel:s7200ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF802F5C-8F39-4FC0-8C15-6B8545BDF97F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:intel:s7200ap_firmware:r01.03.0018:*:*:*:*:*:*:*", "matchCriteriaId": "7E769961-87C3-4B7B-81E8-2855B8FA9F2D", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:intel:hns7200ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE3E826A-6B5B-4445-9D09-0D3C65276259", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:intel:hns7200ap_firmware:r01.03.0018:*:*:*:*:*:*:*", "matchCriteriaId": "7CEC71FA-3735-477A-8D32-3FD81032F224", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:intel:s7200apr:-:*:*:*:*:*:*:*", "matchCriteriaId": "F73E6B49-70E1-4FC0-9349-9EAFA9B622BA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:intel:s7200apr_firmware:r01.03.0018:*:*:*:*:*:*:*", "matchCriteriaId": "0EBBD550-A13E-41C0-9B07-EE0375D1640C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:intel:hns7200apr:-:*:*:*:*:*:*:*", "matchCriteriaId": "254CB73B-6A91-408F-A3C9-D3259BC2EF9F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:intel:hns7200apr_firmware:r01.03.0018:*:*:*:*:*:*:*", "matchCriteriaId": "5C5AE7A3-0455-45CA-AB89-A1C5E6714112", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper password hashing in firmware in Intel Server Board (S7200AP,S7200APR) and Intel Compute Module (HNS7200AP, HNS7200AP) may allow a privileged user to potentially disclose firmware passwords via local access."}, {"lang": "es", "value": "Hasheo de contrase\u00f1as incorrecto en el firmware en Intel Server Board (S7200AP, S7200APR) e Intel Compute Module (HNS7200AP, HNS7200AP) podr\u00eda permitir que un usuario privilegiado divulgue contrase\u00f1as del firmware mediante acceso local."}], "id": "CVE-2018-12172", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-10T18:29:04.280", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00138.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}