Vulnerability Database

CVE-2018-3652

Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allow a limited physical presence attacker to potentially access platform secrets via debug interfaces.

  • Published: Jul 10, 2018
  • Updated: Nov 9, 2025
  • CVE: CVE-2018-3652
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.6
  • AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

  • Severity: Low
  • Score: 4.6
  • AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
intel / xeon_e3 1535m_v6 1535m_v6.x
intel / xeon_e3 1505m_v6 1505m_v6.x
intel / xeon_e3 1585_v5 1585_v5.x
intel / xeon_e3 1585l_v5 1585l_v5.x
intel / xeon_e3 1578l_v5 1578l_v5.x
intel / xeon_e3 1575m_v5 1575m_v5.x
intel / xeon_e3 1565l_v5 1565l_v5.x
intel / xeon_e3 1558l_v5 1558l_v5.x
intel / xeon_e3 1545m_v5 1545m_v5.x
intel / xeon_e3 1535m_v5 1535m_v5.x
intel / xeon_e3 1515m_v5 1515m_v5.x
intel / xeon_silver 4116t 4116t.x
intel / xeon_silver 4116 4116.x
intel / xeon_silver 4114t 4114t.x
intel / xeon_silver 4114 4114.x
intel / xeon_silver 4112 4112.x
intel / xeon_silver 4110 4110.x
intel / xeon_silver 4109t 4109t.x
intel / xeon_silver 4108 4108.x
intel / xeon_gold 6154 6154.x
intel / xeon_gold 6152 6152.x
intel / xeon_gold 6150 6150.x
intel / xeon_gold 6148f 6148f.x
intel / xeon_gold 6148 6148.x
intel / xeon_gold 6146 6146.x
intel / xeon_gold 6144 6144.x
intel / xeon_gold 6142m 6142m.x
intel / xeon_gold 6142f 6142f.x
intel / xeon_gold 6142 6142.x
intel / xeon_gold 6140m 6140m.x
intel / xeon_gold 6140 6140.x
intel / xeon_gold 6138t 6138t.x
intel / xeon_gold 6138f 6138f.x
intel / xeon_gold 6138 6138.x
intel / xeon_gold 6136 6136.x
intel / xeon_gold 6134m 6134m.x
intel / xeon_gold 6134 6134.x
intel / xeon_gold 6132 6132.x
intel / xeon_gold 6130t 6130t.x
intel / xeon_gold 6130f 6130f.x
intel / xeon_gold 6130 6130.x
intel / xeon_gold 6128 6128.x
intel / xeon_gold 6126t 6126t.x
intel / xeon_gold 6126f 6126f.x
intel / xeon_gold 6126 6126.x
intel / xeon_gold 5122 5122.x
intel / xeon_gold 5120t 5120t.x
intel / xeon_gold 5120 5120.x
intel / xeon_gold 5119t 5119t.x
intel / xeon_gold 5118 5118.x
intel / xeon_gold 5115 5115.x
intel / xeon_platinum 8180 8180.x
intel / xeon_platinum 8176m 8176m.x
intel / xeon_platinum 8176f 8176f.x
intel / xeon_platinum 8176 8176.x
intel / xeon_platinum 8170m 8170m.x
intel / xeon_platinum 8170 8170.x
intel / xeon_platinum 8168 8168.x
intel / xeon_platinum 8164 8164.x
intel / xeon_platinum 8160t 8160t.x
intel / xeon_platinum 8160m 8160m.x
intel / xeon_platinum 8160f 8160f.x
intel / xeon_platinum 8160 8160.x
intel / xeon_platinum 8158 8158.x
intel / xeon_platinum 8156 8156.x
intel / xeon_platinum 8153 8153.x
intel / xeon_gold 6138p 6138p.x
intel / xeon_platinum 8180m 8180m.x
intel / xeon d-2183it d-2183it.x
intel / xeon d-2177nt d-2177nt.x
intel / xeon d-2173it d-2173it.x
intel / xeon d-2166nt d-2166nt.x
intel / xeon d-2163it d-2163it.x
intel / xeon d-2161i d-2161i.x
intel / xeon d-2146nt d-2146nt.x
intel / xeon d-2145nt d-2145nt.x
intel / xeon d-2143it d-2143it.x
intel / xeon d-2142it d-2142it.x
intel / xeon d-2141i d-2141i.x
intel / xeon d-2123it d-2123it.x
intel / xeon d-1577 d-1577.x
intel / xeon d-1571 d-1571.x
intel / xeon d-1567 d-1567.x
intel / xeon d-1559 d-1559.x
intel / xeon d-1557 d-1557.x
intel / xeon d-1553n d-1553n.x
intel / xeon d-1548 d-1548.x
intel / xeon d-1543n d-1543n.x
intel / xeon d-1541 d-1541.x
intel / xeon d-1540 d-1540.x
intel / xeon d-1539 d-1539.x
intel / xeon d-1537 d-1537.x
intel / xeon d-1533n d-1533n.x
intel / xeon d-1531 d-1531.x
intel / xeon d-1529 d-1529.x
intel / xeon d-1528 d-1528.x
intel / xeon d-1527 d-1527.x
intel / xeon d-1523n d-1523n.x
intel / xeon d-1521 d-1521.x
intel / xeon d-1520 d-1520.x
intel / xeon d-1518 d-1518.x
intel / xeon d-1513n d-1513n.x
intel / xeon d-2187nt d-2187nt.x
intel / atom_c c3308 c3308.x
intel / atom_c c3338 c3338.x
intel / atom_c c3508 c3508.x
intel / atom_c c3538 c3538.x
intel / atom_c c3558 c3558.x
intel / atom_c c3708 c3708.x
intel / atom_c c3750 c3750.x
intel / atom_c c3758 c3758.x
intel / atom_c c3808 c3808.x
intel / atom_c c3850 c3850.x
intel / atom_c c3858 c3858.x
intel / atom_c c3830 c3830.x
intel / atom_c c3950 c3950.x
intel / atom_c c3955 c3955.x
intel / atom_c c3958 c3958.x
intel / atom_c c2758 c2758.x
intel / atom_c c2738 c2738.x
intel / atom_c c2718 c2718.x
intel / atom_c c2558 c2558.x
intel / atom_c c2538 c2538.x
intel / atom_c c2518 c2518.x
intel / atom_c c2508 c2508.x
intel / atom_c c2358 c2358.x
intel / atom_c c2338 c2338.x
intel / atom_c c2308 c2308.x
intel / atom_c c2750 c2750.x
intel / atom_c c2730 c2730.x
intel / atom_c c2550 c2550.x
intel / atom_c c2530 c2530.x
intel / atom_c c2516 c2516.x
intel / atom_c c2350 c2350.x
intel / atom_c c2316 c2316.x
intel / atom_c c3336 c3336.x

Frequently Asked Questions

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

CVSS (Common Vulnerability Scoring System) estimates technical severity, but it doesn't automatically equal business risk. Prioritize using context like internet exposure, affected asset criticality, known exploitation (proof-of-concept or in-the-wild), and whether compensating controls exist. A "Medium" CVSS on an exposed, production system can be more urgent than a "Critical" on an isolated, non-production host.

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. In practice, risk increases sharply when exploitation becomes reliable or widespread.

Recurring findings usually come from incomplete asset discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host. Unknown or unmanaged assets (often called shadow IT) are a common reason the same issues resurface.

Use a simple, repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress using consistent metrics so remediation is steady, not reactive.
