Core I3
CVE-2018-12169
HIGH
Severity by source
AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.
AnalysisAI
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication. Affected products include: Intel Core I3, Intel Core I5, Intel Core I7, Intel Core I9, Lenovo Thinkpad 11E.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized discl
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an atta
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow u
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentia
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may
Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encrypt
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today