Details of VAR-201710-0956

ID

VAR-201710-0956

CVE

CVE-2017-5722

TITLE

plural Intel NUC Kit Vulnerabilities related to authorization, authority, and access control in product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009423

DESCRIPTION

Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. Intel NUC7i3BNK , NUC7i3BNH , NUC7i5BNK , NUC7i5BNH ,and NUC7i7BNH Vulnerabilities related to authorization, permissions and access control exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelNUC7i3BNK and other products are CPU (Central Processing Unit) products of Intel Corporation of the United States. IntelBootgaurd has a local security bypass vulnerability that can be exploited by local attackers to bypass certain security restrictions. Intel Bootgaurd is prone to a local security-bypass vulnerability. Other attacks are also possible. Intel NUC7i3BNK, etc. Security vulnerabilities exist in the system firmware of several Intel products. The following products and versions are affected: NUC7i3BNK BN0049 and earlier; NUC7i3BNH BN0049 and earlier; NUC7i5BNK BN0049 and earlier; NUC7i5BNH BN0049 and earlier; NUC7i7BNH BN0049 and earlier

Trust: 2.52

sources: NVD: CVE-2017-5722 // JVNDB: JVNDB-2017-009423 // CNVD: CNVD-2017-30427 // BID: 101236 // VULHUB: VHN-113925

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-30427

AFFECTED PRODUCTS

vendor:	intel	model:	nuc7i3bnk	scope:	eq	version:	dnkbli5v.86a.0026	Trust: 1.6
vendor:	intel	model:	nuc7i3bnh	scope:	eq	version:	ccsklm30.86a.0052	Trust: 1.6
vendor:	intel	model:	nuc7i3bnk	scope:	eq	version:	ccsklm30.86a.0052	Trust: 1.6
vendor:	intel	model:	nuc7i3bnk	scope:	eq	version:	dnkbli30.86a.0026	Trust: 1.6
vendor:	intel	model:	nuc7i3bnh	scope:	eq	version:	syskli35.86a.0062	Trust: 1.6
vendor:	intel	model:	nuc7i3bnh	scope:	eq	version:	dnkbli30.86a.0026	Trust: 1.6
vendor:	intel	model:	nuc7i3bnh	scope:	eq	version:	kyskli70.86a.0050	Trust: 1.6
vendor:	intel	model:	nuc7i3bnk	scope:	eq	version:	ayaplcel.86a.0041	Trust: 1.6
vendor:	intel	model:	nuc7i3bnh	scope:	eq	version:	tybyt20h.86a.0015	Trust: 1.6
vendor:	intel	model:	nuc7i3bnk	scope:	eq	version:	bnkbl357.86a.0052	Trust: 1.6
vendor:	intel	model:	nuc7i3bnh	scope:	eq	version:	bnkbl357.86a.0052	Trust: 1.0
vendor:	intel	model:	nuc7i5bnh	scope:	eq	version:	kyskli70.86a.0050	Trust: 1.0
vendor:	intel	model:	nuc7i5bnh	scope:	eq	version:	ayaplcel.86a.0041	Trust: 1.0
vendor:	intel	model:	nuc7i5bnh	scope:	eq	version:	rybdwi35.86a.0366	Trust: 1.0
vendor:	intel	model:	nuc7i5bnk	scope:	eq	version:	tybyt20h.86a.0015	Trust: 1.0
vendor:	intel	model:	nuc7i3bnh	scope:	eq	version:	dnkbli5v.86a.0026	Trust: 1.0
vendor:	intel	model:	nuc7i5bnh	scope:	eq	version:	ccsklm30.86a.0052	Trust: 1.0
vendor:	intel	model:	nuc7i5bnk	scope:	eq	version:	bnkbl357.86a.0052	Trust: 1.0
vendor:	intel	model:	nuc7i5bnk	scope:	eq	version:	dnkbli30.86a.0026	Trust: 1.0
vendor:	intel	model:	nuc7i3bnk	scope:	eq	version:	tybyt20h.86a.0015	Trust: 1.0
vendor:	intel	model:	nuc7i7bnh	scope:	eq	version:	bnkbl357.86a.0052	Trust: 1.0
vendor:	intel	model:	nuc7i7bnh	scope:	eq	version:	tybyt20h.86a.0015	Trust: 1.0
vendor:	intel	model:	nuc7i5bnk	scope:	eq	version:	syskli35.86a.0062	Trust: 1.0
vendor:	intel	model:	nuc7i7bnh	scope:	eq	version:	dnkbli30.86a.0026	Trust: 1.0
vendor:	intel	model:	nuc7i3bnh	scope:	eq	version:	ccsklm5v.86a.0052	Trust: 1.0
vendor:	intel	model:	nuc7i5bnk	scope:	eq	version:	dnkbli5v.86a.0026	Trust: 1.0
vendor:	intel	model:	nuc7i3bnk	scope:	eq	version:	syskli35.86a.0062	Trust: 1.0
vendor:	intel	model:	nuc7i3bnh	scope:	eq	version:	rybdwi35.86a.0366	Trust: 1.0
vendor:	intel	model:	nuc7i7bnh	scope:	eq	version:	syskli35.86a.0062	Trust: 1.0
vendor:	intel	model:	nuc7i7bnh	scope:	eq	version:	dnkbli5v.86a.0026	Trust: 1.0
vendor:	intel	model:	nuc7i5bnk	scope:	eq	version:	ccsklm5v.86a.0052	Trust: 1.0
vendor:	intel	model:	nuc7i3bnh	scope:	eq	version:	ayaplcel.86a.0041	Trust: 1.0
vendor:	intel	model:	nuc7i5bnh	scope:	eq	version:	tybyt20h.86a.0015	Trust: 1.0
vendor:	intel	model:	nuc7i5bnh	scope:	eq	version:	bnkbl357.86a.0052	Trust: 1.0
vendor:	intel	model:	nuc7i5bnh	scope:	eq	version:	dnkbli30.86a.0026	Trust: 1.0
vendor:	intel	model:	nuc7i7bnh	scope:	eq	version:	ccsklm5v.86a.0052	Trust: 1.0
vendor:	intel	model:	nuc7i3bnk	scope:	eq	version:	ccsklm5v.86a.0052	Trust: 1.0
vendor:	intel	model:	nuc7i5bnk	scope:	eq	version:	kyskli70.86a.0050	Trust: 1.0
vendor:	intel	model:	nuc7i5bnk	scope:	eq	version:	ayaplcel.86a.0041	Trust: 1.0
vendor:	intel	model:	nuc7i5bnk	scope:	eq	version:	rybdwi35.86a.0366	Trust: 1.0
vendor:	intel	model:	nuc7i5bnh	scope:	eq	version:	syskli35.86a.0062	Trust: 1.0
vendor:	intel	model:	nuc7i5bnk	scope:	eq	version:	ccsklm30.86a.0052	Trust: 1.0
vendor:	intel	model:	nuc7i7bnh	scope:	eq	version:	kyskli70.86a.0050	Trust: 1.0
vendor:	intel	model:	nuc7i3bnk	scope:	eq	version:	kyskli70.86a.0050	Trust: 1.0
vendor:	intel	model:	nuc7i5bnh	scope:	eq	version:	dnkbli5v.86a.0026	Trust: 1.0
vendor:	intel	model:	nuc7i7bnh	scope:	eq	version:	rybdwi35.86a.0366	Trust: 1.0
vendor:	intel	model:	nuc7i7bnh	scope:	eq	version:	ayaplcel.86a.0041	Trust: 1.0
vendor:	intel	model:	nuc7i3bnk	scope:	eq	version:	rybdwi35.86a.0366	Trust: 1.0
vendor:	intel	model:	nuc7i7bnh	scope:	eq	version:	ccsklm30.86a.0052	Trust: 1.0
vendor:	intel	model:	nuc7i5bnh	scope:	eq	version:	ccsklm5v.86a.0052	Trust: 1.0
vendor:	intel	model:	nuc kit nuc7i3bnh	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i3bnk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i5bnh	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i5bnk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7i7bnh	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc7i7bnh	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc7i5bnk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc7i5bnh	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc7i3bnk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc7i3bnh	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	bn0049	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc7i7bnh	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	nuc7i5bnk	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	nuc7i5bnh	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	nuc7i3bnk	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	nuc7i3bnh	scope:	eq	version:	0	Trust: 0.3
vendor:	intel	model:	bn0049	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2017-30427 // BID: 101236 // JVNDB: JVNDB-2017-009423 // CNNVD: CNNVD-201710-116 // NVD: CVE-2017-5722

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-5722
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-5722
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-30427
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201710-116
value:	HIGH
Trust: 0.6
VULHUB:	VHN-113925
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-5722
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-30427
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-113925
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-5722
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-30427 // VULHUB: VHN-113925 // JVNDB: JVNDB-2017-009423 // CNNVD: CNNVD-201710-116 // NVD: CVE-2017-5722

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-113925 // JVNDB: JVNDB-2017-009423 // NVD: CVE-2017-5722

THREAT TYPE

local

Trust: 0.9

sources: BID: 101236 // CNNVD: CNNVD-201710-116

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201710-116

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009423

PATCH

title:	INTEL-SA-00084	url:	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr	Trust: 0.8
title:	IntelBootgaurd local security bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/103840	Trust: 0.6
title:	Multiple Intel Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75308	Trust: 0.6

sources: CNVD: CNVD-2017-30427 // JVNDB: JVNDB-2017-009423 // CNNVD: CNNVD-201710-116

EXTERNAL IDS

db:	NVD	id:	CVE-2017-5722	Trust: 3.4
db:	BID	id:	101236	Trust: 2.6
db:	JVNDB	id:	JVNDB-2017-009423	Trust: 0.8
db:	CNNVD	id:	CNNVD-201710-116	Trust: 0.7
db:	CNVD	id:	CNVD-2017-30427	Trust: 0.6
db:	VULHUB	id:	VHN-113925	Trust: 0.1

sources: CNVD: CNVD-2017-30427 // VULHUB: VHN-113925 // BID: 101236 // JVNDB: JVNDB-2017-009423 // CNNVD: CNNVD-201710-116 // NVD: CVE-2017-5722

REFERENCES

url:	http://www.securityfocus.com/bid/101236	Trust: 1.7
url:	https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00084&languageid=en-fr	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5722	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-5722	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-5700	Trust: 0.6
url:	http://www.intel.com/	Trust: 0.3
url:	https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00084	Trust: 0.3
url:	https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00084&languageid=en-fr	Trust: 0.1

sources: CNVD: CNVD-2017-30427 // VULHUB: VHN-113925 // BID: 101236 // JVNDB: JVNDB-2017-009423 // CNNVD: CNNVD-201710-116 // NVD: CVE-2017-5722

CREDITS

Alex Ermolov of Embedi.

Trust: 0.3

sources: BID: 101236

SOURCES

db:	CNVD	id:	CNVD-2017-30427
db:	VULHUB	id:	VHN-113925
db:	BID	id:	101236
db:	JVNDB	id:	JVNDB-2017-009423
db:	CNNVD	id:	CNNVD-201710-116
db:	NVD	id:	CVE-2017-5722

LAST UPDATE DATE

2024-11-23T21:40:17.027000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-30427	date:	2017-10-17T00:00:00
db:	VULHUB	id:	VHN-113925	date:	2019-10-03T00:00:00
db:	BID	id:	101236	date:	2017-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2017-009423	date:	2017-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201710-116	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-5722	date:	2024-11-21T03:28:17.983

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-30427	date:	2017-10-17T00:00:00
db:	VULHUB	id:	VHN-113925	date:	2017-10-11T00:00:00
db:	BID	id:	101236	date:	2017-10-10T00:00:00
db:	JVNDB	id:	JVNDB-2017-009423	date:	2017-11-10T00:00:00
db:	CNNVD	id:	CNNVD-201710-116	date:	2017-10-11T00:00:00
db:	NVD	id:	CVE-2017-5722	date:	2017-10-11T00:29:00.333