CVE-2018-12176: Input Validation
First published: Tue Sep 11 2018(Updated: )
Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel NUC Kit firmware | ||
| Intel NUC Kit D33217GKE | ||
| Intel NUC Kit D53427RKE | ||
| Intel NUC board D54250WYB | ||
| Intel NUC DE3815TYBE Firmware | ||
| Intel NUC Kit DN2820FYKH Firmware | ||
| Intel NUC kit NUC5CPYH | ||
| Intel NUC kit nuc5i3myhe firmware | ||
| Intel NUC5i5MYHE | ||
| Intel NUC kit nuc5i7ryh firmware | ||
| Intel NUC5PGYH | ||
| Intel NUC Kit NUC6CAYH | ||
| Intel NUC kit nuc6i5syh firmware | ||
| Intel NUC kit nuc6i7kyk firmware | ||
| Intel NUC kit NUC7CJYHN | ||
| Intel NUC Kit NUC7i3DNHE Firmware | ||
| Intel NUC Kit NUC7i5DNKE Firmware | ||
| Intel NUC NUC7i7BNH | ||
| Intel NUC7i7DNKE Firmware | ||
| Intel NUC 8i7 HNK | ||
| Intel Compute Card Firmware | ||
| Intel CD1IV128MK Firmware | ||
| Intel Compute Card Firmware | ||
| Intel Compute Card Firmware | ||
| Intel Compute Stick Firmware | ||
| Intel Compute Stick STCK1A32WFC Firmware | ||
| Intel Compute Stick STK1AW32SC Firmware | ||
| Intel Compute Stick STK2M3W64CC Firmware | ||
| Intel Compute Stick Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-12176?
CVE-2018-12176 has a medium severity level due to the potential for information disclosure and privilege escalation.
How do I fix CVE-2018-12176?
To fix CVE-2018-12176, update the affected Intel NUC Kit firmware to the latest version provided by Intel.
Who is affected by CVE-2018-12176?
CVE-2018-12176 affects users of certain Intel NUC kits and compute cards with vulnerable firmware.
What types of attacks can CVE-2018-12176 enable?
CVE-2018-12176 may allow attackers to execute arbitrary code, escalate privileges, or cause denial of service via local access.
Is CVE-2018-12176 a remote or local vulnerability?
CVE-2018-12176 is a local vulnerability that requires physical access to the affected device.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/intel
- canonical/intel nuc kit firmware
- canonical/intel nuc kit d33217gke
- canonical/intel nuc kit d53427rke
- canonical/intel nuc board d54250wyb
- canonical/intel nuc de3815tybe firmware
- canonical/intel nuc kit dn2820fykh firmware
- canonical/intel nuc kit nuc5cpyh
- canonical/intel nuc kit nuc5i3myhe firmware
- canonical/intel nuc5i5myhe
- canonical/intel nuc kit nuc5i7ryh firmware
- canonical/intel nuc5pgyh
- canonical/intel nuc kit nuc6cayh
- canonical/intel nuc kit nuc6i5syh firmware
- canonical/intel nuc kit nuc6i7kyk firmware
- canonical/intel nuc kit nuc7cjyhn
- canonical/intel nuc kit nuc7i3dnhe firmware
- canonical/intel nuc kit nuc7i5dnke firmware
- canonical/intel nuc nuc7i7bnh
- canonical/intel nuc7i7dnke firmware
- canonical/intel nuc 8i7 hnk
- canonical/intel compute card firmware
- canonical/intel cd1iv128mk firmware
- canonical/intel compute stick firmware
- canonical/intel compute stick stck1a32wfc firmware
- canonical/intel compute stick stk1aw32sc firmware
- canonical/intel compute stick stk2m3w64cc firmware