7.8

CVE-2018-3612

Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).

Data is provided by the National Vulnerability Database (NVD)
IntelBios Versionayaplcel.86a
IntelBios Versionbnkbl357.86a
IntelBios Versionccsklm5v.86a
IntelBios Versionccsklm30.86a
IntelBios Versiondnkbli5v.86a
IntelBios Versiondnkbli7v.86a
IntelBios Versiondnkbli30.86a
IntelBios Versionfybyt10h.86a
IntelBios Versiongkaplcpx.86a
IntelBios Versionkyskli70.86a
IntelBios Versionmkkbli5v.86a
IntelBios Versionmkkbly35.86a
IntelBios Versionmybdwi5v.86a
IntelBios Versionmybdwi30.86a
IntelBios Versionrybdwi35.86a
IntelBios Versionsyskli35.86a
IntelBios Versiontybyt10h.86a
IntelAyaplcel.86a Version-
IntelBnkbl357.86a Version-
IntelCcsklm30.86a Version-
IntelCcsklm5v.86a Version-
IntelDnkbli30.86a Version-
IntelDnkbli5v.86a Version-
IntelDnkbli7v.86a Version-
IntelFybyt10h.86a Version-
IntelGkaplcpx.86a Version-
IntelKyskli70.86a Version-
IntelMkkbli5v.86a Version-
IntelMkkbly35.86a Version-
IntelMybdwi30.86a Version-
IntelMybdwi5v.86a Version-
IntelRybdwi35.86a Version-
IntelSyskli35.86a Version-
IntelTybyt10h.86a Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.085
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.