Xeon E3
CVE-2018-3652
HIGH
Severity by source
AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.
AnalysisAI
Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces. Affected products include: Intel Xeon E3, Intel Xeon E3 1220 V5, Intel Xeon E3 1220 V6, Intel Xeon E3 1225 V5, Intel Xeon E3 1225 V6.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized discl
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an atta
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow u
Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an
Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enabl
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today