What is CVE-2018-12173?

CVE-2018-12173 is a high-severity vulnerability in Intel Compute_module_hns2600bp, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 7.6/10. Published 2018-10-10.

How severe is CVE-2018-12173?

High severity. CVSS v3 base score is 7.6 out of 10.

Vulnerability in Intel Compute_module_hns2600bp

CVE-2018-12173

Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in info…

EPSS: 0.004 (32.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.6 (High). Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

CWE-732 — Incorrect Permission Assignment for Critical Resource

References

secure@intel.com (x_refsource_CONFIRM, Vendor Advisory)
secure@intel.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-12173?: CVE-2018-12173 is a high-severity vulnerability in Intel Compute_module_hns2600bp, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 7.6/10. Published 2018-10-10.
How severe is CVE-2018-12173?: High severity. CVSS v3 base score is 7.6 out of 10.