CVE-2018-12173

Name: CVE-2018-12173
Creator: NVD / NIST
Published: 2018-10-10T18:29:04.373+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.41%

Last modified Jun 17, 2026

CVE-2018-12173 is a vulnerability of currently unknown severity. Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.. EPSS estimates a 0.41% chance of exploitation in the next 30 days.

Description

Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access.

Metrics

EPSS Probability

0.41%

32.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-732

Affected Software

Vendor	Product	Versions
Intel	Server Board S2600bp Firmware	< 00.01.0014
Intel	Server Board S2600wf Firmware	< 00.01.0014
Intel	Server Board S2600st Firmware	< 00.01.0014
Intel	Server Board S2600bpr Firmware	< 00.01.0014
Intel	Server Board S2600wfr Firmware	< 00.01.0014
Intel	Server Board S2600str Firmware	< 00.01.0014
Intel	Compute Module Hns2600bp Firmware	< 00.01.0014
Intel	Compute Module Hns2600bpr Firmware	< 00.01.0014
Intel	Server System R2000wf Firmware	< 00.01.0014
Intel	Server System R1000wf Firmware	< 00.01.0014
Intel	Server System R1000wfr Firmware	< 00.01.0014
Intel	Server System R2000wfr Firmware	< 00.01.0014
Intel	Server System H2000g Firmware	< 00.01.0014
Intel	Server System H2000gr Firmware	< 00.01.0014

References

Timeline

Published: Oct 10, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-12173?

How severe is CVE-2018-12173?

Severity scoring for CVE-2018-12173 is pending analysis. The EPSS model estimates a 0.41% probability of exploitation in the next 30 days.

How do I fix CVE-2018-12173?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-12173?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST