CVE-2018-12179
First published: Wed Mar 27 2019(Updated: )
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tianocore EDK II |
Remedy
https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-12179.
What is the severity of CVE-2018-12179?
The severity of CVE-2018-12179 is high with a severity value of 7.8.
What is affected by CVE-2018-12179?
The Tianocore Edk II system firmware is affected by CVE-2018-12179.
How can an unauthenticated user potentially exploit CVE-2018-12179?
Improper configuration in the system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure, and/or denial of service via local access.
How can I fix CVE-2018-12179 vulnerability?
To fix CVE-2018-12179 vulnerability, it is recommended to update the system firmware for EDK II to a patched version provided by the vendor.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/remedy
- agent/severity
- agent/author
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/tianocore
- canonical/tianocore edk ii