Vulnerability Name:
CVE-2018-12204 (CCN-158196)
Assigned:
2018-06-11
Published:
2019-03-14
Updated:
2019-10-03
Summary:
Improper memory initialization in Platform Sample/Silicon Reference firmware Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially enable an escalation of privilege via local access.
CVSS v3 Severity:
6.7 Medium
(CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
)
5.8 Medium
(Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
High
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
7.5 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
)
6.5 Medium
(CCN Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
High
User Interaction (UI):
None
Scope:
Scope (S):
Changed
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
7.2 High
(CVSS v2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
6.0 Medium
(CCN CVSS v2 Vector:
AV:L/AC:H/Au:S/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
High
Athentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-665
Vulnerability Consequences:
Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2018-12204
Source: XF
Type: UNKNOWN
lenovo-cve201812204-priv-esc(158196)
Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20190318-0002/
Source: CONFIRM
Type: UNKNOWN
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us
Source: CONFIRM
Type: UNKNOWN
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03929en_us
Source: CONFIRM
Type: UNKNOWN
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us
Source: CCN
Type: Lenovo Security Advisory: LEN-25085
Intel Firmware Vulnerabilities
Source: CCN
Type: INTEL-SA-00191
Intel Firmware 2018.4 QSR Advisory
Source: CONFIRM
Type: Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html
Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-12204
Vulnerable Configuration:
Configuration 1
:
cpe:/o:intel:platform_sample_firmware:-:*:*:*:*:*:*:*
AND
cpe:/h:intel:bbs2600bpb:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:bbs2600bpq:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:bbs2600bps:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:bbs2600stb:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:bbs2600stq:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:bbs7200ap:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:bbs7200apl:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:dbs2600cw2r:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:dbs2600cw2sr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:dbs2600cwtr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:dbs2600cwtsr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bpb:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bpb24:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bpblc:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bpblc24:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bpq:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bpq24:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bps:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bps24:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600kpfr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600kpr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600tp24r:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600tp24sr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600tp24str:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600tpfr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600tpnr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600tpr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns7200ap:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns7200apl:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns7200apr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns7200aprl:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1208wftys:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1208wt2gsr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1208wttgsr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1304wf0ys:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1304wftys:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1304wt2gsr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1304wttgsr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2208wf0zs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2208wfqzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2208wftzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2208wt2ysr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2208wttyc1r:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2208wttysr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2224wfqzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2224wftzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2224wttysr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2308wftzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2308wttysr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2312wf0np:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2312wfqzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2312wftzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2312wttysr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600kpfr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600kpr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600kptr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600stb:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600stq:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600tpfr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600tpnr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600tpr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600tptr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600wfo:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600wfq:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600wft:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600wt2r:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600wttr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600wtts1r:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s7200apr:-:*:*:*:*:*:*:*
Configuration 2
:
cpe:/o:intel:silicon_reference_firmware:-:*:*:*:*:*:*:*
AND
cpe:/h:intel:bbs2600bpb:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:bbs2600bpq:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:bbs2600bps:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:bbs2600stb:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:bbs2600stq:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:bbs7200ap:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:bbs7200apl:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:dbs2600cw2r:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:dbs2600cw2sr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:dbs2600cwtr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:dbs2600cwtsr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bpb:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bpb24:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bpblc:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bpblc24:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bpq:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bpq24:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bps:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600bps24:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600kpfr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600kpr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600tp24r:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600tp24sr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600tp24str:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600tpfr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600tpnr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns2600tpr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns7200ap:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns7200apl:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns7200apr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:hns7200aprl:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1208wftys:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1208wt2gsr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1208wttgsr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1304wf0ys:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1304wftys:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1304wt2gsr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r1304wttgsr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2208wf0zs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2208wfqzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2208wftzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2208wt2ysr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2208wttyc1r:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2208wttysr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2224wfqzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2224wftzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2224wttysr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2308wftzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2308wttysr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2312wf0np:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2312wfqzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2312wftzs:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:r2312wttysr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600kpfr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600kpr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600kptr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600stb:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600stq:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600tpfr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600tpnr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600tpr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600tptr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600wfo:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600wfq:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600wft:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600wt2r:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600wttr:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s2600wtts1r:-:*:*:*:*:*:*:*
OR
cpe:/h:intel:s7200apr:-:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/h:lenovo:thinkpad_l460:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:thinkpad_t460:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:thinkpad_t460p:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:thinkcentre_m710s:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:thinkcentre_m710t:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:510-15ikl:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:510s-08ikl:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:ideacentre_510-15icb:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:ideacentre_510a-15icb:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:ideacentre_620s-03ikl:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:ideacentre_720-18icb:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:e42-80:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:e52-80:-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:aio300-23isu(c5130):-:*:*:*:*:*:*:*
OR
cpe:/h:lenovo:aio520-22ikl:-:*:*:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions
Definition ID
Class
Title
Last Modified
oval:com.ubuntu.disco:def:2018122040000000
V
CVE-2018-12204 on Ubuntu 19.04 (disco) - medium.
2019-03-14
oval:com.ubuntu.bionic:def:201812204000
V
CVE-2018-12204 on Ubuntu 18.04 LTS (bionic) - medium.
2019-03-14
oval:com.ubuntu.cosmic:def:2018122040000000
V
CVE-2018-12204 on Ubuntu 18.10 (cosmic) - medium.
2019-03-14
oval:com.ubuntu.cosmic:def:201812204000
V
CVE-2018-12204 on Ubuntu 18.10 (cosmic) - medium.
2019-03-14
oval:com.ubuntu.bionic:def:2018122040000000
V
CVE-2018-12204 on Ubuntu 18.04 LTS (bionic) - medium.
2019-03-14
oval:com.ubuntu.trusty:def:201812204000
V
CVE-2018-12204 on Ubuntu 14.04 LTS (trusty) - medium.
2019-03-14
oval:com.ubuntu.xenial:def:2018122040000000
V
CVE-2018-12204 on Ubuntu 16.04 LTS (xenial) - medium.
2019-03-14
oval:com.ubuntu.xenial:def:201812204000
V
CVE-2018-12204 on Ubuntu 16.04 LTS (xenial) - medium.
2019-03-14
BACK
intel
platform sample firmware -
intel
bbs2600bpb -
intel
bbs2600bpq -
intel
bbs2600bps -
intel
bbs2600stb -
intel
bbs2600stq -
intel
bbs7200ap -
intel
bbs7200apl -
intel
dbs2600cw2r -
intel
dbs2600cw2sr -
intel
dbs2600cwtr -
intel
dbs2600cwtsr -
intel
hns2600bpb -
intel
hns2600bpb24 -
intel
hns2600bpblc -
intel
hns2600bpblc24 -
intel
hns2600bpq -
intel
hns2600bpq24 -
intel
hns2600bps -
intel
hns2600bps24 -
intel
hns2600kpfr -
intel
hns2600kpr -
intel
hns2600tp24r -
intel
hns2600tp24sr -
intel
hns2600tp24str -
intel
hns2600tpfr -
intel
hns2600tpnr -
intel
hns2600tpr -
intel
hns7200ap -
intel
hns7200apl -
intel
hns7200apr -
intel
hns7200aprl -
intel
r1208wftys -
intel
r1208wt2gsr -
intel
r1208wttgsr -
intel
r1304wf0ys -
intel
r1304wftys -
intel
r1304wt2gsr -
intel
r1304wttgsr -
intel
r2208wf0zs -
intel
r2208wfqzs -
intel
r2208wftzs -
intel
r2208wt2ysr -
intel
r2208wttyc1r -
intel
r2208wttysr -
intel
r2224wfqzs -
intel
r2224wftzs -
intel
r2224wttysr -
intel
r2308wftzs -
intel
r2308wttysr -
intel
r2312wf0np -
intel
r2312wfqzs -
intel
r2312wftzs -
intel
r2312wttysr -
intel
s2600kpfr -
intel
s2600kpr -
intel
s2600kptr -
intel
s2600stb -
intel
s2600stq -
intel
s2600tpfr -
intel
s2600tpnr -
intel
s2600tpr -
intel
s2600tptr -
intel
s2600wfo -
intel
s2600wfq -
intel
s2600wft -
intel
s2600wt2r -
intel
s2600wttr -
intel
s2600wtts1r -
intel
s7200apr -
intel
silicon reference firmware -
intel
bbs2600bpb -
intel
bbs2600bpq -
intel
bbs2600bps -
intel
bbs2600stb -
intel
bbs2600stq -
intel
bbs7200ap -
intel
bbs7200apl -
intel
dbs2600cw2r -
intel
dbs2600cw2sr -
intel
dbs2600cwtr -
intel
dbs2600cwtsr -
intel
hns2600bpb -
intel
hns2600bpb24 -
intel
hns2600bpblc -
intel
hns2600bpblc24 -
intel
hns2600bpq -
intel
hns2600bpq24 -
intel
hns2600bps -
intel
hns2600bps24 -
intel
hns2600kpfr -
intel
hns2600kpr -
intel
hns2600tp24r -
intel
hns2600tp24sr -
intel
hns2600tp24str -
intel
hns2600tpfr -
intel
hns2600tpnr -
intel
hns2600tpr -
intel
hns7200ap -
intel
hns7200apl -
intel
hns7200apr -
intel
hns7200aprl -
intel
r1208wftys -
intel
r1208wt2gsr -
intel
r1208wttgsr -
intel
r1304wf0ys -
intel
r1304wftys -
intel
r1304wt2gsr -
intel
r1304wttgsr -
intel
r2208wf0zs -
intel
r2208wfqzs -
intel
r2208wftzs -
intel
r2208wt2ysr -
intel
r2208wttyc1r -
intel
r2208wttysr -
intel
r2224wfqzs -
intel
r2224wftzs -
intel
r2224wttysr -
intel
r2308wftzs -
intel
r2308wttysr -
intel
r2312wf0np -
intel
r2312wfqzs -
intel
r2312wftzs -
intel
r2312wttysr -
intel
s2600kpfr -
intel
s2600kpr -
intel
s2600kptr -
intel
s2600stb -
intel
s2600stq -
intel
s2600tpfr -
intel
s2600tpnr -
intel
s2600tpr -
intel
s2600tptr -
intel
s2600wfo -
intel
s2600wfq -
intel
s2600wft -
intel
s2600wt2r -
intel
s2600wttr -
intel
s2600wtts1r -
intel
s7200apr -
lenovo
thinkpad l460 -
lenovo
thinkpad t460 -
lenovo
thinkpad t460p -
lenovo
thinkcentre m710s -
lenovo
thinkcentre m710t -
lenovo
510-15ikl -
lenovo
510s-08ikl -
lenovo
ideacentre 510-15icb -
lenovo
ideacentre 510a-15icb -
lenovo
ideacentre 620s-03ikl -
lenovo
ideacentre 720-18icb -
lenovo
e42-80 -
lenovo
e52-80 -
lenovo
aio300-23isu(c5130) -
lenovo
aio520-22ikl -
Denotes that component is vulnerable