Vulnerability CVE-2018-3652 - CERT Civis.Net

Vulnerability Name:

CVE-2018-3652 (CCN-146197)

Assigned:

2017-12-28

Published:

2018-07-09

Updated:

2020-04-28

Summary:

Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.

CVSS v3 Severity:

7.6 High (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Physical Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2018-3652

Source: XF
Type: UNKNOWN
intel-uefi-cve20183652-info-disc(146197)

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20180802-0001/

Source: CCN
Type: INTEL-SA-00127
DCI Policy Update

Source: CONFIRM
Type: Mitigation, Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.html

Vulnerable Configuration:

Configuration 1:

cpe:/h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/h:intel:xeon_bronze_3104:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_bronze_3106:-:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:5115:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:5118:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:5119t:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:5120:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:5120t:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:5122:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6126:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6126f:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6126t:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6128:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6130:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6130f:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6130t:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6132:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6134:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6134m:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6136:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6138:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6138f:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6138p:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6138t:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6140:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6140m:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6142:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6142f:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6142m:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6144:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6146:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6148:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6148f:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6150:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6152:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_gold:6154:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8153:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8156:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8158:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8160:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8164:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8168:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8170:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8176:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8180:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_platinum:8180m:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_silver:4108:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_silver:4109t:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_silver:4110:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_silver:4112:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_silver:4114:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_silver:4114t:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_silver:4116:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon_silver:4116t:*:*:*:*:*:*:*

Configuration 3:

cpe:/h:intel:xeon:d-1513n:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1518:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1520:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1521:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1523n:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1527:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1528:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1529:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1531:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1533n:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1537:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1539:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1540:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1541:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1543n:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1548:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1553n:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1557:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1559:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1567:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1571:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-1577:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2123it:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2141i:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2142it:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2143it:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2145nt:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2146nt:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2161i:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2163it:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2166nt:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2173it:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2177nt:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2183it:*:*:*:*:*:*:*

OR cpe:/h:intel:xeon:d-2187nt:*:*:*:*:*:*:*

Configuration 4:

cpe:/h:intel:atom_c:c2308:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2316:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2338:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2350:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2358:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2508:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2516:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2518:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2530:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2538:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2550:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2558:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2718:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2730:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2738:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2750:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c2758:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3308:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3336:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3338:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3508:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3538:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3558:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3708:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3750:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3758:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3808:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3830:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3850:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3858:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3950:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3955:*:*:*:*:*:*:*

OR cpe:/h:intel:atom_c:c3958:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/h:intel:xeon_3400:*:*:*:*:*:*:*:*

Denotes that component is vulnerable