1.0.0
29. Unauthenticated Firmware Chain-of-Trust Bypass

Description:

Platform sample code firmware included with 4th Gen Intel® Core™ Processor (Haswell), 5th Gen Intel® Core™ Processor (Broadwell), 6th Gen Intel® Core™ Processor (Skylake), 7th Gen Intel® Core™ Processor (Kaby Lake) and 8th Gen Intel® Core™ Processor (Coffee Lake and Cannon Lake) contains a logic error allowing physical attacker to bypass firmware authentication.

Impact

Elevation of Privilege

Severity

High - 7.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Recommendation:

Intel recommends that end-users contact their system manufacturers for updated system firmware.

Acknowledgments:

The issue was reported by Trammell Hudson

References:

CVE-2018-12169
Last modified 1yr ago