CVE-2018-12169

high-risk
Published 2018-09-21

Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.6/10 High
PHYSICAL / LOW complexity

Affected Products (20)

Affected Vendors

Intel Lenovo

References (6)

Third Party Advisory http://www.securityfocus.com/bid/105387
Third Party Advisory https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware...
Mitigation https://support.lenovo.com/us/en/solutions/LEN-20527
Third Party Advisory http://www.securityfocus.com/bid/105387
Third Party Advisory https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware...
Mitigation https://support.lenovo.com/us/en/solutions/LEN-20527
57
/ 100
high-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 33/34 · Critical