Sign-up

ID

VAR-201710-0957


CVE

CVE-2017-5701


TITLE

plural Intel NUC Kit Vulnerabilities related to authorization, authority, and access control in product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009421

DESCRIPTION

Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery. Intel NUC7i3BNK , NUC7i3BNH , NUC7i5BNK , NUC7i5BNH ,and NUC7i7BNH Vulnerabilities related to authorization, permissions and access control exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelNUC7i3BNK and other products are CPU (Central Processing Unit) products of Intel Corporation of the United States. IntelSPIWriteProtection has a local security bypass vulnerability that can be exploited by local attackers to bypass certain security restrictions. Intel Bootgaurd is prone to a local security-bypass vulnerability. Other attacks are also possible. Intel NUC7i3BNK, etc. An attacker could exploit this vulnerability to execute arbitrary code. The following products and versions are affected: NUC7i3BNK BN0049 and earlier; NUC7i3BNH BN0049 and earlier; NUC7i5BNK BN0049 and earlier; NUC7i5BNH BN0049 and earlier; NUC7i7BNH BN0049 and earlier

Trust: 2.52

sources: NVD: CVE-2017-5701 // JVNDB: JVNDB-2017-009421 // CNVD: CNVD-2017-30485 // BID: 101257 // VULHUB: VHN-113904

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-30485

AFFECTED PRODUCTS

vendor:intelmodel:nuc7i5bnkscope:eqversion:ccsklm5v.86a.0052

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:tybyt20h.86a.0015

Trust: 1.6

vendor:intelmodel:nuc7i5bnkscope:eqversion:bnkbl357.86a.0052

Trust: 1.6

vendor:intelmodel:nuc7i5bnhscope:eqversion:dnkbli5v.86a.0026

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:syskli35.86a.0062

Trust: 1.6

vendor:intelmodel:nuc7i5bnhscope:eqversion:bnkbl357.86a.0052

Trust: 1.6

vendor:intelmodel:nuc7i5bnhscope:eqversion:ccsklm30.86a.0052

Trust: 1.6

vendor:intelmodel:nuc7i5bnhscope:eqversion:ayaplcel.86a.0041

Trust: 1.6

vendor:intelmodel:nuc7i5bnhscope:eqversion:ccsklm5v.86a.0052

Trust: 1.6

vendor:intelmodel:nuc7i3bnkscope:eqversion:rybdwi35.86a.0366

Trust: 1.6

vendor:intelmodel:nuc7i3bnhscope:eqversion:bnkbl357.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:tybyt20h.86a.0015

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:rybdwi35.86a.0366

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:syskli35.86a.0062

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:tybyt20h.86a.0015

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:dnkbli5v.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:bnkbl357.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i3bnkscope:eqversion:bnkbl357.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i3bnkscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:tybyt20h.86a.0015

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:syskli35.86a.0062

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:ccsklm5v.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:dnkbli5v.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:rybdwi35.86a.0366

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:syskli35.86a.0062

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:dnkbli5v.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i3bnkscope:eqversion:dnkbli5v.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:ayaplcel.86a.0041

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:tybyt20h.86a.0015

Trust: 1.0

vendor:intelmodel:nuc7i3bnhscope:eqversion:ccsklm30.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:dnkbli30.86a.0026

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:ccsklm5v.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i3bnkscope:eqversion:ccsklm5v.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i3bnkscope:eqversion:ccsklm30.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:ayaplcel.86a.0041

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:rybdwi35.86a.0366

Trust: 1.0

vendor:intelmodel:nuc7i5bnhscope:eqversion:syskli35.86a.0062

Trust: 1.0

vendor:intelmodel:nuc7i5bnkscope:eqversion:ccsklm30.86a.0052

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i3bnkscope:eqversion:kyskli70.86a.0050

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:rybdwi35.86a.0366

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:ayaplcel.86a.0041

Trust: 1.0

vendor:intelmodel:nuc7i3bnkscope:eqversion:ayaplcel.86a.0041

Trust: 1.0

vendor:intelmodel:nuc7i7bnhscope:eqversion:ccsklm30.86a.0052

Trust: 1.0

vendor:intelmodel:nuc kit nuc7i3bnhscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i3bnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5bnhscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5bnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7bnhscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc7i5bnkscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc7i5bnhscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc7i3bnkscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc7i3bnhscope: - version: -

Trust: 0.6

vendor:intelmodel:bn0049scope: - version: -

Trust: 0.6

vendor:intelmodel:nuc7i7bnhscope: - version: -

Trust: 0.6

vendor:intelmodel:nuc7i7bnhscope:eqversion:0

Trust: 0.3

vendor:intelmodel:nuc7i5bnkscope:eqversion:0

Trust: 0.3

vendor:intelmodel:nuc7i5bnhscope:eqversion:0

Trust: 0.3

vendor:intelmodel:nuc7i3bnkscope:eqversion:0

Trust: 0.3

vendor:intelmodel:nuc7i3bnhscope:eqversion:0

Trust: 0.3

vendor:intelmodel:bn0049scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-30485 // BID: 101257 // JVNDB: JVNDB-2017-009421 // CNNVD: CNNVD-201710-118 // NVD: CVE-2017-5701

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5701
value: HIGH

Trust: 1.0

NVD: CVE-2017-5701
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-30485
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201710-118
value: HIGH

Trust: 0.6

VULHUB: VHN-113904
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5701
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-30485
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-113904
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5701
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-30485 // VULHUB: VHN-113904 // JVNDB: JVNDB-2017-009421 // CNNVD: CNNVD-201710-118 // NVD: CVE-2017-5701

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-113904 // JVNDB: JVNDB-2017-009421 // NVD: CVE-2017-5701

THREAT TYPE

local

Trust: 0.9

sources: BID: 101257 // CNNVD: CNNVD-201710-118

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201710-118

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009421

PATCH
title:INTEL-SA-00084url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr
Trust: 0.8
title:IntelSPIWriteProtection local security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/103862
Trust: 0.6
title:Multiple Intel Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75310
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-30485 // 
            
            
            
            JVNDB: JVNDB-2017-009421 // 
            
            
            
            CNNVD: CNNVD-201710-118

EXTERNAL IDS
db:NVDid:CVE-2017-5701
Trust: 3.4
db:BIDid:101257
Trust: 2.6
db:JVNDBid:JVNDB-2017-009421
Trust: 0.8
db:CNNVDid:CNNVD-201710-118
Trust: 0.7
db:CNVDid:CNVD-2017-30485
Trust: 0.6
db:VULHUBid:VHN-113904
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-30485 // 
            
            
            
            VULHUB: VHN-113904 // 
            
            
            
            BID: 101257 // 
            
            
            
            JVNDB: JVNDB-2017-009421 // 
            
            
            
            CNNVD: CNNVD-201710-118 // 
            
            
            
            NVD: CVE-2017-5701

REFERENCES
url:http://www.securityfocus.com/bid/101257
Trust: 1.7
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00084&languageid=en-fr
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5701
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5701
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5700
Trust: 0.6
url:http://www.intel.com/
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00084
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00084&languageid=en-fr
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-30485 // 
            
            
            
            VULHUB: VHN-113904 // 
            
            
            
            BID: 101257 // 
            
            
            
            JVNDB: JVNDB-2017-009421 // 
            
            
            
            CNNVD: CNNVD-201710-118 // 
            
            
            
            NVD: CVE-2017-5701

CREDITS
Nikolaj Schlej.
Trust: 0.3
sources:
            
            
            BID: 101257

SOURCES
db:CNVDid:CNVD-2017-30485
db:VULHUBid:VHN-113904
db:BIDid:101257
db:JVNDBid:JVNDB-2017-009421
db:CNNVDid:CNNVD-201710-118
db:NVDid:CVE-2017-5701

LAST UPDATE DATE
2024-11-23T21:40:17.150000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-30485date:2017-10-18T00:00:00
db:VULHUBid:VHN-113904date:2019-10-03T00:00:00
db:BIDid:101257date:2017-10-06T00:00:00
db:JVNDBid:JVNDB-2017-009421date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-118date:2019-10-23T00:00:00
db:NVDid:CVE-2017-5701date:2024-11-21T03:28:15.037

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-30485date:2017-10-18T00:00:00
db:VULHUBid:VHN-113904date:2017-10-11T00:00:00
db:BIDid:101257date:2017-10-06T00:00:00
db:JVNDBid:JVNDB-2017-009421date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-118date:2017-10-11T00:00:00
db:NVDid:CVE-2017-5701date:2017-10-11T00:29:00.270