Sign-up

ID

VAR-201710-0954


CVE

CVE-2017-5700


TITLE

plural Intel NUC Kit Vulnerabilities related to certificate and password management in product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009420

DESCRIPTION

Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage. Intel NUC7i3BNK , NUC7i3BNH , NUC7i5BNK , NUC7i5BNH ,and NUC7i7BNH Vulnerabilities related to certificate and password management exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelBootgaurd has a local security bypass vulnerability that can be exploited by local attackers to bypass certain security restrictions. IntelNUC7i3BNK and other products are CPU (Central Processing Unit) products of Intel Corporation of the United States. A privilege elevation vulnerability exists in system firmware in several Intel products due to insufficient verification input by the program. An attacker could exploit the vulnerability to exploit arbitrary code by manipulating memory. Intel NUC is a powerful 4x4 inch micro PC with entertainment, gaming and work features, a customizable motherboard that supports all the memory, storage and operating systems you need. Multiple Intel products are prone to a local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Intel NUC7i3BNK, etc. The following products and versions are affected: NUC7i3BNK BN0049 and earlier; NUC7i3BNH BN0049 and earlier; NUC7i5BNK BN0049 and earlier; NUC7i5BNH BN0049 and earlier; NUC7i7BNH BN0049 and earlier

Trust: 4.14

sources: NVD: CVE-2017-5700 // JVNDB: JVNDB-2017-009420 // CNVD: CNVD-2017-30427 // CNVD: CNVD-2017-30486 // CNVD: CNVD-2017-30485 // CNVD: CNVD-2017-30481 // BID: 101241 // VULHUB: VHN-113903

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 2.4

sources: CNVD: CNVD-2017-30427 // CNVD: CNVD-2017-30486 // CNVD: CNVD-2017-30485 // CNVD: CNVD-2017-30481

AFFECTED PRODUCTS

vendor:intelmodel:nuc7i7bnhscope: - version: -

Trust: 2.4

vendor:intelmodel:nuc7i5bnkscope: - version: -

Trust: 2.4

vendor:intelmodel:nuc7i5bnhscope: - version: -

Trust: 2.4

vendor:intelmodel:nuc7i3bnkscope: - version: -

Trust: 2.4

vendor:intelmodel:nuc7i3bnhscope: - version: -

Trust: 2.4

vendor:intelmodel:bn0049scope: - version: -

Trust: 2.4

vendor:intelmodel:nuc7i3bnkscope:eqversion:tybyt20h.86a.0015

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:dnkbli5v.86a.0026

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:ccsklm30.86a.0052

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:syskli35.86a.0062

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:ayaplcel.86a.0041

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:ccsklm5v.86a.0052

Trust: 1.6

vendor:intelmodel:nuc7i3bnhscope:eqversion:tybyt20h.86a.0015

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:bnkbl357.86a.0052

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:kyskli70.86a.0050

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:rybdwi35.86a.0366

Trust: 1.6

vendor:intelmodel:nuc7i3bnhscope:eqversion:bnkbl357.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:ayaplcel.86a.0041

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:rybdwi35.86a.0366

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:syskli35.86a.0062

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:tybyt20h.86a.0015

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:dnkbli5v.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:ccsklm30.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:bnkbl357.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:bnkbl357.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i3bnkscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:tybyt20h.86a.0015

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:syskli35.86a.0062

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:ccsklm5v.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:dnkbli5v.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:rybdwi35.86a.0366

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:syskli35.86a.0062

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:dnkbli5v.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:ccsklm5v.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:ayaplcel.86a.0041

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:tybyt20h.86a.0015

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:ccsklm30.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:bnkbl357.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:ccsklm5v.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:ayaplcel.86a.0041

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:rybdwi35.86a.0366

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:syskli35.86a.0062

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:ccsklm30.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:dnkbli5v.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:rybdwi35.86a.0366

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:ayaplcel.86a.0041

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:ccsklm30.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:ccsklm5v.86a.0052

Trust: 1.0

vendor:intelmodel:nuc kit nuc7i3bnhscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i3bnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5bnhscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5bnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7bnhscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc7i7bnh bn0049scope: - version: -

Trust: 0.3

vendor:intelmodel:nuc7i5bnk bn0049scope: - version: -

Trust: 0.3

vendor:intelmodel:nuc7i5bnh bn0049scope: - version: -

Trust: 0.3

vendor:intelmodel:nuc7i3bnk bn0049scope: - version: -

Trust: 0.3

vendor:intelmodel:nuc7i3bnh bn0049scope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2017-30427 // CNVD: CNVD-2017-30486 // CNVD: CNVD-2017-30485 // CNVD: CNVD-2017-30481 // BID: 101241 // JVNDB: JVNDB-2017-009420 // CNNVD: CNNVD-201710-119 // NVD: CVE-2017-5700

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5700
value: HIGH

Trust: 1.0

NVD: CVE-2017-5700
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-30427
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-30486
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-30485
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-30481
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201710-119
value: HIGH

Trust: 0.6

VULHUB: VHN-113903
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5700
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-30427
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2017-30486
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2017-30485
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2017-30481
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-113903
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5700
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-30427 // CNVD: CNVD-2017-30486 // CNVD: CNVD-2017-30485 // CNVD: CNVD-2017-30481 // VULHUB: VHN-113903 // JVNDB: JVNDB-2017-009420 // CNNVD: CNNVD-201710-119 // NVD: CVE-2017-5700

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-113903 // JVNDB: JVNDB-2017-009420 // NVD: CVE-2017-5700

THREAT TYPE

local

Trust: 0.9

sources: BID: 101241 // CNNVD: CNNVD-201710-119

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201710-119

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009420

PATCH
title:INTEL-SA-00084url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr
Trust: 0.8
title:IntelBootgaurd local security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/103840
Trust: 0.6
title:Intel NUC Suite SMM Privilege Escalation Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/103860
Trust: 0.6
title:IntelSPIWriteProtection local security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/103862
Trust: 0.6
title:Intel NUC Suite Password Bypass Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/103866
Trust: 0.6
title:Multiple Intel Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75311
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-30427 // 
            
            
            
            CNVD: CNVD-2017-30486 // 
            
            
            
            CNVD: CNVD-2017-30485 // 
            
            
            
            CNVD: CNVD-2017-30481 // 
            
            
            
            JVNDB: JVNDB-2017-009420 // 
            
            
            
            CNNVD: CNNVD-201710-119

EXTERNAL IDS
db:NVDid:CVE-2017-5700
Trust: 5.2
db:BIDid:101241
Trust: 2.6
db:JVNDBid:JVNDB-2017-009420
Trust: 0.8
db:CNNVDid:CNNVD-201710-119
Trust: 0.7
db:BIDid:101236
Trust: 0.6
db:CNVDid:CNVD-2017-30427
Trust: 0.6
db:CNVDid:CNVD-2017-30486
Trust: 0.6
db:BIDid:101257
Trust: 0.6
db:CNVDid:CNVD-2017-30485
Trust: 0.6
db:CNVDid:CNVD-2017-30481
Trust: 0.6
db:VULHUBid:VHN-113903
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-30427 // 
            
            
            
            CNVD: CNVD-2017-30486 // 
            
            
            
            CNVD: CNVD-2017-30485 // 
            
            
            
            CNVD: CNVD-2017-30481 // 
            
            
            
            VULHUB: VHN-113903 // 
            
            
            
            BID: 101241 // 
            
            
            
            JVNDB: JVNDB-2017-009420 // 
            
            
            
            CNNVD: CNNVD-201710-119 // 
            
            
            
            NVD: CVE-2017-5700

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2017-5700
Trust: 3.2
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00084&languageid=en-fr
Trust: 1.9
url:http://www.securityfocus.com/bid/101241
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5700
Trust: 0.8
url:http://www.intel.com/content/www/us/en/homepage.html
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00084&languageid=en-fr
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-30427 // 
            
            
            
            CNVD: CNVD-2017-30486 // 
            
            
            
            CNVD: CNVD-2017-30485 // 
            
            
            
            CNVD: CNVD-2017-30481 // 
            
            
            
            VULHUB: VHN-113903 // 
            
            
            
            BID: 101241 // 
            
            
            
            JVNDB: JVNDB-2017-009420 // 
            
            
            
            CNNVD: CNNVD-201710-119 // 
            
            
            
            NVD: CVE-2017-5700

CREDITS
Nikolaj Schlej
Trust: 0.3
sources:
            
            
            BID: 101241

SOURCES
db:CNVDid:CNVD-2017-30427
db:CNVDid:CNVD-2017-30486
db:CNVDid:CNVD-2017-30485
db:CNVDid:CNVD-2017-30481
db:VULHUBid:VHN-113903
db:BIDid:101241
db:JVNDBid:JVNDB-2017-009420
db:CNNVDid:CNNVD-201710-119
db:NVDid:CVE-2017-5700

LAST UPDATE DATE
2024-11-23T21:40:17.100000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-30427date:2017-10-17T00:00:00
db:CNVDid:CNVD-2017-30486date:2017-10-18T00:00:00
db:CNVDid:CNVD-2017-30485date:2017-10-18T00:00:00
db:CNVDid:CNVD-2017-30481date:2017-10-18T00:00:00
db:VULHUBid:VHN-113903date:2019-10-03T00:00:00
db:BIDid:101241date:2017-10-06T00:00:00
db:JVNDBid:JVNDB-2017-009420date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-119date:2019-10-23T00:00:00
db:NVDid:CVE-2017-5700date:2024-11-21T03:28:14.903

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-30427date:2017-10-17T00:00:00
db:CNVDid:CNVD-2017-30486date:2017-10-18T00:00:00
db:CNVDid:CNVD-2017-30485date:2017-10-18T00:00:00
db:CNVDid:CNVD-2017-30481date:2017-10-18T00:00:00
db:VULHUBid:VHN-113903date:2017-10-11T00:00:00
db:BIDid:101241date:2017-10-06T00:00:00
db:JVNDBid:JVNDB-2017-009420date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-119date:2017-10-11T00:00:00
db:NVDid:CVE-2017-5700date:2017-10-11T00:29:00.207