Sign-up

ID

VAR-201809-0141


CVE

CVE-2018-12176


TITLE

Intel NUC Kit Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014546

DESCRIPTION

Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access. Intel NUC kits are a mini desktop computer produced by Intel Corporation of the United States. A security vulnerability exists in the firmware of the Intel NUC Kits due to the program not properly validating input. The following products are affected: Intel NUC Kit NUC7CJYH ; NUC Kit NUC8i7HNK ; Compute Card CD1M3128MK ; Compute Card CD1IV128MK ; Compute Card CD1P64GK ; NUC Kit NUC7i7DNKE ; NUC Kit NUC7i5DNKE ; NUC Kit NUC7i3DNHE ; NUC Kit NUC7i7BNH ; NUC Kit NUC6CAYS ; NUC Kit DE3815TYBE ; NUC Kit NUC6i5SYH ; NUC Kit NUC6i7KYK ; NUC Kit NUC5PGYH ; NUC Kit NUC5CPYH ; NUC Kit NUC5i7RYH ; NUC Kit NUC5i5MYHE ; NUC Kit NUC5i3MYHE ; NUC Kit DE3815TYBE ; NUC Kit DN2820FYKH ; NUC Kit D54250WYB ; NUC Kit D53427RKE ; NUC Kit D33217GKE ; Compute Stick STK2mv64CC; Compute Stick STK2m3W64CC; Compute Stick STK1AW32SC; Compute Stick STCK1A32WFC

Trust: 1.71

sources: NVD: CVE-2018-12176 // JVNDB: JVNDB-2018-014546 // VULHUB: VHN-122109

AFFECTED PRODUCTS

vendor:intelmodel:compute cardscope:eqversion: -

Trust: 1.0

vendor:intelmodel:nuc kitscope:eqversion: -

Trust: 1.0

vendor:intelmodel:compute stickscope:eqversion: -

Trust: 1.0

vendor:intelmodel:nuc kitscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-014546 // NVD: CVE-2018-12176

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12176
value: HIGH

Trust: 1.0

NVD: CVE-2018-12176
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201809-609
value: HIGH

Trust: 0.6

VULHUB: VHN-122109
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-12176
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122109
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12176
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122109 // JVNDB: JVNDB-2018-014546 // CNNVD: CNNVD-201809-609 // NVD: CVE-2018-12176

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-122109 // JVNDB: JVNDB-2018-014546 // NVD: CVE-2018-12176

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201809-609

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201809-609

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014546

PATCH
title:INTEL-SA-00176url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html
Trust: 0.8
title:Intel NUC Kits Fixes for firmware security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84868
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014546 // 
            
            
            
            CNNVD: CNNVD-201809-609

EXTERNAL IDS
db:NVDid:CVE-2018-12176
Trust: 2.5
db:JVNDBid:JVNDB-2018-014546
Trust: 0.8
db:CNNVDid:CNNVD-201809-609
Trust: 0.7
db:VULHUBid:VHN-122109
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122109 // 
            
            
            
            JVNDB: JVNDB-2018-014546 // 
            
            
            
            CNNVD: CNNVD-201809-609 // 
            
            
            
            NVD: CVE-2018-12176

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12176
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-12176
Trust: 0.8
sources:
            
            
            VULHUB: VHN-122109 // 
            
            
            
            JVNDB: JVNDB-2018-014546 // 
            
            
            
            CNNVD: CNNVD-201809-609 // 
            
            
            
            NVD: CVE-2018-12176

SOURCES
db:VULHUBid:VHN-122109
db:JVNDBid:JVNDB-2018-014546
db:CNNVDid:CNNVD-201809-609
db:NVDid:CVE-2018-12176

LAST UPDATE DATE
2024-11-23T22:52:00.285000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122109date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-014546date:2019-03-26T00:00:00
db:CNNVDid:CNNVD-201809-609date:2019-10-23T00:00:00
db:NVDid:CVE-2018-12176date:2024-11-21T03:44:42.123

SOURCES RELEASE DATE
db:VULHUBid:VHN-122109date:2018-09-12T00:00:00
db:JVNDBid:JVNDB-2018-014546date:2019-03-26T00:00:00
db:CNNVDid:CNNVD-201809-609date:2018-09-13T00:00:00
db:NVDid:CVE-2018-12176date:2018-09-12T19:29:02.247