CVE-2018-3652

7.6HIGH

Key Information:

Vendor: Intel
Status: Intel Xeon Processor
Vendor: CVE Published:; 10 July 2018

Summary

Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.

Affected Version(s)

Intel Xeon Processor 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family

References

https://security.netapp.com/advisory/ntap-20180802-0001/

x_refsource_CONFIRM

https://www.intel.com/content/www/us/en/security-center/a...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 10, 2018
Vulnerability Reserved
Dec 28, 2017