CVE-2018-12204 - Vulnerability Details

Description

Improper memory initialization in Platform Sample/Silicon Reference firmware Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially enable an escalation of privilege via local access.

Published: 2019-03-14

Score: 6.7 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Intel Corporation

Intel Platform Sample / Silicon Reference firmware

affected

Version	Status	Constraints
`Multiple versions.`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:intel:platform_sample_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:bbs2600bpb:-:::::::*
	cpe:2.3:h:intel:bbs2600bpq:-:::::::*
	cpe:2.3:h:intel:bbs2600bps:-:::::::*
	cpe:2.3:h:intel:bbs2600stb:-:::::::*
	cpe:2.3:h:intel:bbs2600stq:-:::::::*
	cpe:2.3:h:intel:bbs7200ap:-:::::::*
	cpe:2.3:h:intel:bbs7200apl:-:::::::*
	cpe:2.3:h:intel:dbs2600cw2r:-:::::::*
	cpe:2.3:h:intel:dbs2600cw2sr:-:::::::*
	cpe:2.3:h:intel:dbs2600cwtr:-:::::::*
	cpe:2.3:h:intel:dbs2600cwtsr:-:::::::*
	cpe:2.3:h:intel:hns2600bpb:-:::::::*
	cpe:2.3:h:intel:hns2600bpb24:-:::::::*
	cpe:2.3:h:intel:hns2600bpblc:-:::::::*
	cpe:2.3:h:intel:hns2600bpblc24:-:::::::*
	cpe:2.3:h:intel:hns2600bpq:-:::::::*
	cpe:2.3:h:intel:hns2600bpq24:-:::::::*
	cpe:2.3:h:intel:hns2600bps:-:::::::*
	cpe:2.3:h:intel:hns2600bps24:-:::::::*
	cpe:2.3:h:intel:hns2600kpfr:-:::::::*
	cpe:2.3:h:intel:hns2600kpr:-:::::::*
	cpe:2.3:h:intel:hns2600tp24r:-:::::::*
	cpe:2.3:h:intel:hns2600tp24sr:-:::::::*
	cpe:2.3:h:intel:hns2600tp24str:-:::::::*
	cpe:2.3:h:intel:hns2600tpfr:-:::::::*
	cpe:2.3:h:intel:hns2600tpnr:-:::::::*
	cpe:2.3:h:intel:hns2600tpr:-:::::::*
	cpe:2.3:h:intel:hns7200ap:-:::::::*
	cpe:2.3:h:intel:hns7200apl:-:::::::*
	cpe:2.3:h:intel:hns7200apr:-:::::::*
	cpe:2.3:h:intel:hns7200aprl:-:::::::*
	cpe:2.3:h:intel:r1208wftys:-:::::::*
	cpe:2.3:h:intel:r1208wt2gsr:-:::::::*
	cpe:2.3:h:intel:r1208wttgsr:-:::::::*
	cpe:2.3:h:intel:r1304wf0ys:-:::::::*
	cpe:2.3:h:intel:r1304wftys:-:::::::*
	cpe:2.3:h:intel:r1304wt2gsr:-:::::::*
	cpe:2.3:h:intel:r1304wttgsr:-:::::::*
	cpe:2.3:h:intel:r2208wf0zs:-:::::::*
	cpe:2.3:h:intel:r2208wfqzs:-:::::::*
	cpe:2.3:h:intel:r2208wftzs:-:::::::*
	cpe:2.3:h:intel:r2208wt2ysr:-:::::::*
	cpe:2.3:h:intel:r2208wttyc1r:-:::::::*
	cpe:2.3:h:intel:r2208wttysr:-:::::::*
	cpe:2.3:h:intel:r2224wfqzs:-:::::::*
	cpe:2.3:h:intel:r2224wftzs:-:::::::*
	cpe:2.3:h:intel:r2224wttysr:-:::::::*
	cpe:2.3:h:intel:r2308wftzs:-:::::::*
	cpe:2.3:h:intel:r2308wttysr:-:::::::*
	cpe:2.3:h:intel:r2312wf0np:-:::::::*
	cpe:2.3:h:intel:r2312wfqzs:-:::::::*
	cpe:2.3:h:intel:r2312wftzs:-:::::::*
	cpe:2.3:h:intel:r2312wttysr:-:::::::*
	cpe:2.3:h:intel:s2600kpfr:-:::::::*
	cpe:2.3:h:intel:s2600kpr:-:::::::*
	cpe:2.3:h:intel:s2600kptr:-:::::::*
	cpe:2.3:h:intel:s2600stb:-:::::::*
	cpe:2.3:h:intel:s2600stq:-:::::::*
	cpe:2.3:h:intel:s2600tpfr:-:::::::*
	cpe:2.3:h:intel:s2600tpnr:-:::::::*
	cpe:2.3:h:intel:s2600tpr:-:::::::*
	cpe:2.3:h:intel:s2600tptr:-:::::::*
	cpe:2.3:h:intel:s2600wfo:-:::::::*
	cpe:2.3:h:intel:s2600wfq:-:::::::*
cpe:2.3:h:intel:s2600wft:-:::::::*
cpe:2.3:h:intel:s2600wt2r:-:::::::*
cpe:2.3:h:intel:s2600wttr:-:::::::*
cpe:2.3:h:intel:s2600wtts1r:-:::::::*
cpe:2.3:h:intel:s7200apr:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:intel:silicon_reference_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:bbs2600bpb:-:::::::*
	cpe:2.3:h:intel:bbs2600bpq:-:::::::*
	cpe:2.3:h:intel:bbs2600bps:-:::::::*
	cpe:2.3:h:intel:bbs2600stb:-:::::::*
	cpe:2.3:h:intel:bbs2600stq:-:::::::*
	cpe:2.3:h:intel:bbs7200ap:-:::::::*
	cpe:2.3:h:intel:bbs7200apl:-:::::::*
	cpe:2.3:h:intel:dbs2600cw2r:-:::::::*
	cpe:2.3:h:intel:dbs2600cw2sr:-:::::::*
	cpe:2.3:h:intel:dbs2600cwtr:-:::::::*
	cpe:2.3:h:intel:dbs2600cwtsr:-:::::::*
	cpe:2.3:h:intel:hns2600bpb:-:::::::*
	cpe:2.3:h:intel:hns2600bpb24:-:::::::*
	cpe:2.3:h:intel:hns2600bpblc:-:::::::*
	cpe:2.3:h:intel:hns2600bpblc24:-:::::::*
	cpe:2.3:h:intel:hns2600bpq:-:::::::*
	cpe:2.3:h:intel:hns2600bpq24:-:::::::*
	cpe:2.3:h:intel:hns2600bps:-:::::::*
	cpe:2.3:h:intel:hns2600bps24:-:::::::*
	cpe:2.3:h:intel:hns2600kpfr:-:::::::*
	cpe:2.3:h:intel:hns2600kpr:-:::::::*
	cpe:2.3:h:intel:hns2600tp24r:-:::::::*
	cpe:2.3:h:intel:hns2600tp24sr:-:::::::*
	cpe:2.3:h:intel:hns2600tp24str:-:::::::*
	cpe:2.3:h:intel:hns2600tpfr:-:::::::*
	cpe:2.3:h:intel:hns2600tpnr:-:::::::*
	cpe:2.3:h:intel:hns2600tpr:-:::::::*
	cpe:2.3:h:intel:hns7200ap:-:::::::*
	cpe:2.3:h:intel:hns7200apl:-:::::::*
	cpe:2.3:h:intel:hns7200apr:-:::::::*
	cpe:2.3:h:intel:hns7200aprl:-:::::::*
	cpe:2.3:h:intel:r1208wftys:-:::::::*
	cpe:2.3:h:intel:r1208wt2gsr:-:::::::*
	cpe:2.3:h:intel:r1208wttgsr:-:::::::*
	cpe:2.3:h:intel:r1304wf0ys:-:::::::*
	cpe:2.3:h:intel:r1304wftys:-:::::::*
	cpe:2.3:h:intel:r1304wt2gsr:-:::::::*
	cpe:2.3:h:intel:r1304wttgsr:-:::::::*
	cpe:2.3:h:intel:r2208wf0zs:-:::::::*
	cpe:2.3:h:intel:r2208wfqzs:-:::::::*
	cpe:2.3:h:intel:r2208wftzs:-:::::::*
	cpe:2.3:h:intel:r2208wt2ysr:-:::::::*
	cpe:2.3:h:intel:r2208wttyc1r:-:::::::*
	cpe:2.3:h:intel:r2208wttysr:-:::::::*
	cpe:2.3:h:intel:r2224wfqzs:-:::::::*
	cpe:2.3:h:intel:r2224wftzs:-:::::::*
	cpe:2.3:h:intel:r2224wttysr:-:::::::*
	cpe:2.3:h:intel:r2308wftzs:-:::::::*
	cpe:2.3:h:intel:r2308wttysr:-:::::::*
	cpe:2.3:h:intel:r2312wf0np:-:::::::*
	cpe:2.3:h:intel:r2312wfqzs:-:::::::*
	cpe:2.3:h:intel:r2312wftzs:-:::::::*
	cpe:2.3:h:intel:r2312wttysr:-:::::::*
	cpe:2.3:h:intel:s2600kpfr:-:::::::*
	cpe:2.3:h:intel:s2600kpr:-:::::::*
	cpe:2.3:h:intel:s2600kptr:-:::::::*
	cpe:2.3:h:intel:s2600stb:-:::::::*
	cpe:2.3:h:intel:s2600stq:-:::::::*
	cpe:2.3:h:intel:s2600tpfr:-:::::::*
	cpe:2.3:h:intel:s2600tpnr:-:::::::*
	cpe:2.3:h:intel:s2600tpr:-:::::::*
	cpe:2.3:h:intel:s2600tptr:-:::::::*
	cpe:2.3:h:intel:s2600wfo:-:::::::*
	cpe:2.3:h:intel:s2600wfq:-:::::::*
cpe:2.3:h:intel:s2600wft:-:::::::*
cpe:2.3:h:intel:s2600wt2r:-:::::::*
cpe:2.3:h:intel:s2600wttr:-:::::::*
cpe:2.3:h:intel:s2600wtts1r:-:::::::*
cpe:2.3:h:intel:s7200apr:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2018-4182	Improper memory initialization in Platform Sample/Silicon Reference firmware Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially enable an escalation of privilege via local access.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.0015.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://security.netapp.com/advisory/ntap-20190318-0002/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03929en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html

History

No history.

Subscriptions

Intel Bbs2600bpb Bbs2600bpq Bbs2600bps Bbs2600stb Bbs2600stq Bbs7200ap Bbs7200apl Dbs2600cw2r Dbs2600cw2sr Dbs2600cwtr Dbs2600cwtsr Hns2600bpb Hns2600bpb24 Hns2600bpblc Hns2600bpblc24 Hns2600bpq Hns2600bpq24 Hns2600bps Hns2600bps24 Hns2600kpfr Hns2600kpr Hns2600tp24r Hns2600tp24sr Hns2600tp24str Hns2600tpfr Hns2600tpnr Hns2600tpr Hns7200ap Hns7200apl Hns7200apr Hns7200aprl Platform Sample Firmware R1208wftys R1208wt2gsr R1208wttgsr R1304wf0ys R1304wftys R1304wt2gsr R1304wttgsr R2208wf0zs R2208wfqzs R2208wftzs R2208wt2ysr R2208wttyc1r R2208wttysr R2224wfqzs R2224wftzs R2224wttysr R2308wftzs R2308wttysr R2312wf0np R2312wfqzs R2312wftzs R2312wttysr S2600kpfr S2600kpr S2600kptr S2600stb S2600stq S2600tpfr S2600tpnr S2600tpr S2600tptr S2600wfo S2600wfq S2600wft S2600wt2r S2600wttr S2600wtts1r S7200apr Silicon Reference Firmware

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2019-03-14T20:00:00.000Z

Updated: 2024-09-16T23:42:04.799Z

Reserved: 2018-06-11T00:00:00.000Z

Link: CVE-2018-12204

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-03-14T20:29:00.770

Modified: 2024-11-21T03:44:44.900

Link: CVE-2018-12204

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-665

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object