Logic Error in 4th to 8th Generation Intel Core Processors Allows Firmware Authentication Bypass
CVE-2018-12169

7.6HIGH

Key Information:

Vendor

Intel
Status
Core I3
Vendor
CVE Published:
21 September 2018

What is CVE-2018-12169?

A logic error in the platform sample code firmware of Intel's 4th through 8th Generation Core Processors can potentially be exploited by a physical attacker. This flaw may allow unauthorized users to bypass essential firmware authentication mechanisms, posing a risk to the integrity of the device's firmware security. Users are advised to implement safeguards and stay informed on updates addressing this vulnerability.

References

http://www.securityfocus.com/bid/105387
vdb-entryx_refsource_BID
https://support.lenovo.com/us/en/solutions/LEN-20527
x_refsource_CONFIRM
https://edk2-docs.gitbooks.io/security-advisory/content/u...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.