CVE-2018-12169

Name: CVE-2018-12169
Creator: NVD / NIST
Published: 2018-09-21T20:29:00.233+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.55%

Last modified Jun 17, 2026

CVE-2018-12169 is a vulnerability of currently unknown severity. Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.. EPSS estimates a 0.55% chance of exploitation in the next 30 days.

Description

Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.

Metrics

EPSS Probability

0.55%

41.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions
Intel	Core I3	4000m
Intel	Core I3	4005u
Intel	Core I3	4010u
Intel	Core I3	4010y
Intel	Core I3	4012y
Intel	Core I3	4020y
Intel	Core I3	4025u
Intel	Core I3	4030u
Intel	Core I3	4030y
Intel	Core I3	4100e
Intel	Core I3	4100m
Intel	Core I3	4100u
Intel	Core I3	4102e
Intel	Core I3	4110e
Intel	Core I3	4110m
Intel	Core I3	4112e
Intel	Core I3	4120u
Intel	Core I3	4130
Intel	Core I3	4130t
Intel	Core I3	4150
Intel	Core I3	4150t
Intel	Core I3	4158u
Intel	Core I3	4160
Intel	Core I3	4160t
Intel	Core I3	4170
Intel	Core I3	4170t
Intel	Core I3	4330
Intel	Core I3	4330t
Intel	Core I3	4330te
Intel	Core I3	4340
Intel	Core I3	4340te
Intel	Core I3	4350
Intel	Core I3	4350t
Intel	Core I3	4360
Intel	Core I3	4360t
Intel	Core I3	4370
Intel	Core I3	4370t
Intel	Core I3	5005u
Intel	Core I3	5010u
Intel	Core I3	5015u
Intel	Core I3	5020u
Intel	Core I3	5157u
Intel	Core I3	6006u
Intel	Core I3	6098p
Intel	Core I3	6100
Intel	Core I3	6100e
Intel	Core I3	6100h
Intel	Core I3	6100t
Intel	Core I3	6100te
Intel	Core I3	6100u

Showing 50 of 345 affected configurations. See NVD for the full list.

References

http://www.securityfocus.com/bid/105387Third Party Advisory, VDB Entry
https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.htmlThird Party Advisory
https://support.lenovo.com/us/en/solutions/LEN-20527Mitigation, Third Party Advisory
http://www.securityfocus.com/bid/105387Third Party Advisory, VDB Entry
https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.htmlThird Party Advisory
https://support.lenovo.com/us/en/solutions/LEN-20527Mitigation, Third Party Advisory

Timeline

Published: Sep 21, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-12169?

How severe is CVE-2018-12169?

Severity scoring for CVE-2018-12169 is pending analysis. The EPSS model estimates a 0.55% probability of exploitation in the next 30 days.

How do I fix CVE-2018-12169?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-12169?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST