ID

VAR-201710-0955


CVE

CVE-2017-5721


TITLE

plural Intel NUC Kit Input Confirmation Vulnerability in Product Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009422

DESCRIPTION

Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory. Intel NUC7i3BNK , NUC7i3BNH , NUC7i5BNK , NUC7i5BNH ,and NUC7i7BNH Contains an input validation vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. IntelNUC7i3BNK and other products are CPU (Central Processing Unit) products of Intel Corporation of the United States. An attacker could exploit the vulnerability to exploit arbitrary code by manipulating memory. Intel NUC7i3BNK, etc. The following products and versions are affected: NUC7i3BNK BN0049 and earlier; NUC7i3BNH BN0049 and earlier; NUC7i5BNK BN0049 and earlier; NUC7i5BNH BN0049 and earlier; NUC7i7BNH BN0049 and earlier

Trust: 2.25

sources: NVD: CVE-2017-5721 // JVNDB: JVNDB-2017-009422 // CNVD: CNVD-2017-30486 // VULHUB: VHN-113924

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-30486

AFFECTED PRODUCTS

vendor:intelmodel:nuc7i3bnkscope:eqversion:tybyt20h.86a.0015

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:dnkbli5v.86a.0026

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:ccsklm30.86a.0052

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:dnkbli30.86a.0026

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:syskli35.86a.0062

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:ayaplcel.86a.0041

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:ccsklm5v.86a.0052

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:bnkbl357.86a.0052

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:kyskli70.86a.0050

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:rybdwi35.86a.0366

Trust: 1.6

vendor:intelmodel:nuc7i5bnkscope:eqversion:rybdwi35.86a.0366

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:bnkbl357.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:ayaplcel.86a.0041

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:syskli35.86a.0062

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:tybyt20h.86a.0015

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:bnkbl357.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:syskli35.86a.0062

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:ccsklm30.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:ccsklm5v.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:bnkbl357.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:rybdwi35.86a.0366

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:syskli35.86a.0062

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:ayaplcel.86a.0041

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:dnkbli5v.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:bnkbl357.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:syskli35.86a.0062

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:dnkbli5v.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:tybyt20h.86a.0015

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:ccsklm30.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:dnkbli5v.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:tybyt20h.86a.0015

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:ccsklm30.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:ccsklm5v.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:rybdwi35.86a.0366

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:ayaplcel.86a.0041

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:ccsklm5v.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:rybdwi35.86a.0366

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:ccsklm30.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:tybyt20h.86a.0015

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:ayaplcel.86a.0041

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:dnkbli5v.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:ccsklm5v.86a.0052

Trust: 1.0

vendor:intelmodel:nuc kit nuc7i3bnhscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i3bnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5bnhscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5bnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7bnhscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc7i5bnkscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc7i5bnhscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc7i3bnkscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc7i3bnhscope: - version: -

Trust: 0.6

vendor:intelmodel:bn0049scope: - version: -

Trust: 0.6

vendor:intelmodel:nuc7i7bnhscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-30486 // JVNDB: JVNDB-2017-009422 // CNNVD: CNNVD-201710-117 // NVD: CVE-2017-5721

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5721
value: HIGH

Trust: 1.0

NVD: CVE-2017-5721
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-30486
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201710-117
value: MEDIUM

Trust: 0.6

VULHUB: VHN-113924
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5721
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-30486
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-113924
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5721
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-30486 // VULHUB: VHN-113924 // JVNDB: JVNDB-2017-009422 // CNNVD: CNNVD-201710-117 // NVD: CVE-2017-5721

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-113924 // JVNDB: JVNDB-2017-009422 // NVD: CVE-2017-5721

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201710-117

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201710-117

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009422

PATCH

title:INTEL-SA-00084url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr

Trust: 0.8

title:Intel NUC Suite SMM Privilege Escalation Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/103860

Trust: 0.6

title:Multiple Intel Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75309

Trust: 0.6

sources: CNVD: CNVD-2017-30486 // JVNDB: JVNDB-2017-009422 // CNNVD: CNNVD-201710-117

EXTERNAL IDS

db:NVDid:CVE-2017-5721

Trust: 3.1

db:JVNDBid:JVNDB-2017-009422

Trust: 0.8

db:CNNVDid:CNNVD-201710-117

Trust: 0.7

db:CNVDid:CNVD-2017-30486

Trust: 0.6

db:VULHUBid:VHN-113924

Trust: 0.1

sources: CNVD: CNVD-2017-30486 // VULHUB: VHN-113924 // JVNDB: JVNDB-2017-009422 // CNNVD: CNNVD-201710-117 // NVD: CVE-2017-5721

REFERENCES

url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00084&languageid=en-fr

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5721

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-5721

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-5700

Trust: 0.6

url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00084&languageid=en-fr

Trust: 0.1

sources: CNVD: CNVD-2017-30486 // VULHUB: VHN-113924 // JVNDB: JVNDB-2017-009422 // CNNVD: CNNVD-201710-117 // NVD: CVE-2017-5721

SOURCES

db:CNVDid:CNVD-2017-30486
db:VULHUBid:VHN-113924
db:JVNDBid:JVNDB-2017-009422
db:CNNVDid:CNNVD-201710-117
db:NVDid:CVE-2017-5721

LAST UPDATE DATE

2024-08-14T14:33:24.741000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-30486date:2017-10-18T00:00:00
db:VULHUBid:VHN-113924date:2017-11-03T00:00:00
db:JVNDBid:JVNDB-2017-009422date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-117date:2017-10-11T00:00:00
db:NVDid:CVE-2017-5721date:2017-11-03T17:54:26.907

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-30486date:2017-10-18T00:00:00
db:VULHUBid:VHN-113924date:2017-10-11T00:00:00
db:JVNDBid:JVNDB-2017-009422date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-117date:2017-10-11T00:00:00
db:NVDid:CVE-2017-5721date:2017-10-11T00:29:00.303