PT-2018-2697 · Intel · Intel Nuc

Published

2018-10-09

Updated

2019-10-03

CVE-2018-12158

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Intel NUC FW kits versions prior to May 24, 2018

Description The issue is related to insufficient input validation in the BIOS update utility, which may allow a privileged user to trigger a denial of service or information disclosure via local access. This could potentially be exploited to disrupt service or reveal protected information.

Recommendations For Intel NUC FW kits versions prior to May 24, 2018, update the BIOS to a version released after May 24, 2018 to resolve the issue. As a temporary workaround, consider restricting local access to the BIOS update utility to minimize the risk of exploitation.

Fix

RCE

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-200

Related Identifiers

BDU:2019-01380

CVE-2018-12158

Affected Products

Intel Nuc

PT-2018-2697 · Intel · Intel Nuc

CVE-2018-12158

Weakness Enumeration

Related Identifiers

Affected Products

References · 4