A potential security vulnerability in Intel® Server Board firmware may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability.
CVEID: CVE-2018-12173
Description: Insufficient access protection in firmware in Intel® Server Board, Intel® Server System and Intel® Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Below Intel products before firmware version 00.01.0014 are affected.
Intel® Server Board S2600BP Family
Intel® Compute Module HNS2600BP Family
Intel® Server System H2000G Family
Intel® Server Board S2600WF Family
Intel® Server System R2000WF Family
Intel® Server System R1000WF Family
Intel® Server Board S2600ST Family
Intel® Server Board S2600BPR Family
Intel® Compute Module HNS2600BPR Family
Intel® Server System H2000GR Family
Intel® Server Board S2600WFR Family
Intel® Server System R2000WFR Family
Intel® Server System R1000WFR Family
Intel® Server Board S2600STR Family
Intel recommends that users update to the latest version (see provided table).
Product
|
Firmware Download
—|—
Intel® Server Board S2600BP Family
|
Intel® Compute Module HNS2600BP Family
|
Intel® Server Board S2600WF Family
|
Intel® Server System R2000WF Family
|
Intel® Server System R1000WF Family
|
Intel® Server Board S2600ST Family
|
Intel® Server Board S2600BPR Family
|
Intel® Compute Module HNS2600BPR Family
|
Intel® Server Board S2600WFR Family
|
Intel® Server System R2000WFR Family
|
Intel® Server System R1000WFR Family
|
Intel® Server Board S2600STR Family
|
The following issue was found internally by Intel employee. Intel would like to thank Nagaraju N Kodalapura (Security Researcher, IPAS).