Sign-up

ID

VAR-201711-0646


CVE

CVE-2017-5707


TITLE

Intel Trusted Execution Engine Firmware Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010521

DESCRIPTION

Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code. IntelTrustedExecutionEngineFirmware is a trusted execution engine firmware product. There are multiple local buffer overflow vulnerabilities in IntelTrustedExecutionEngine. Failed exploit attempts will likely result in denial-of-service conditions. Intel Xeon Processor E3-1200 and others are CPUs (Central Processing Units) of Intel Corporation. The following products are affected: Intel 6th, 7th, and 8th Generation Intel Core Processor Family; Intel Xeon Processor E3-1200 v5 and v6 Product Family; Intel Xeon Processor Scalable Family; Intel Xeon Processor W Family; Intel Atom C3000 Processor Family; Apollo Lake Intel Atom Processor E3900 series; Apollo Lake Intel Pentium; Celeron N and J series Processors

Trust: 2.7

sources: NVD: CVE-2017-5707 // JVNDB: JVNDB-2017-010521 // CNVD: CNVD-2017-37806 // BID: 101919 // IVD: e2dff631-39ab-11e9-980f-000c29342cb1 // VULHUB: VHN-113910

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2dff631-39ab-11e9-980f-000c29342cb1 // CNVD: CNVD-2017-37806

AFFECTED PRODUCTS

vendor:intelmodel:trusted execution enginescope:eqversion:3.0

Trust: 3.3

vendor:intelmodel:trusted execution enginescope:neversion:3.1.50.2222

Trust: 0.3

vendor:trusted execution enginemodel: - scope:eqversion:3.0

Trust: 0.2

sources: IVD: e2dff631-39ab-11e9-980f-000c29342cb1 // CNVD: CNVD-2017-37806 // BID: 101919 // JVNDB: JVNDB-2017-010521 // CNNVD: CNNVD-201711-885 // NVD: CVE-2017-5707

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5707
value: HIGH

Trust: 1.0

NVD: CVE-2017-5707
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37806
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-885
value: HIGH

Trust: 0.6

IVD: e2dff631-39ab-11e9-980f-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-113910
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5707
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37806
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2dff631-39ab-11e9-980f-000c29342cb1
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-113910
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5707
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2dff631-39ab-11e9-980f-000c29342cb1 // CNVD: CNVD-2017-37806 // VULHUB: VHN-113910 // JVNDB: JVNDB-2017-010521 // CNNVD: CNNVD-201711-885 // NVD: CVE-2017-5707

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-113910 // JVNDB: JVNDB-2017-010521 // NVD: CVE-2017-5707

THREAT TYPE

local

Trust: 0.9

sources: BID: 101919 // CNNVD: CNNVD-201711-885

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: e2dff631-39ab-11e9-980f-000c29342cb1 // CNNVD: CNNVD-201711-885

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010521

PATCH
title:INTEL-SA-00086url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Trust: 0.8
title:NTAP-20171120-0001url:https://security.netapp.com/advisory/ntap-20171120-0001/
Trust: 0.8
title:IntelTrustedExecutionEngine has multiple patches for local buffer overflow vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/111373
Trust: 0.6
title:Multiple Intel product Trusted Execution Engine Firmware Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76617
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37806 // 
            
            
            
            JVNDB: JVNDB-2017-010521 // 
            
            
            
            CNNVD: CNNVD-201711-885

EXTERNAL IDS
db:NVDid:CVE-2017-5707
Trust: 3.6
db:BIDid:101919
Trust: 2.0
db:SIEMENSid:SSA-892715
Trust: 1.1
db:CNVDid:CNVD-2017-37806
Trust: 0.8
db:CNNVDid:CNNVD-201711-885
Trust: 0.8
db:ICS CERTid:ICSA-18-060-01
Trust: 0.8
db:JVNDBid:JVNDB-2017-010521
Trust: 0.8
db:IVDid:E2DFF631-39AB-11E9-980F-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-113910
Trust: 0.1
sources:
            
            
            IVD: e2dff631-39ab-11e9-980f-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2017-37806 // 
            
            
            
            VULHUB: VHN-113910 // 
            
            
            
            BID: 101919 // 
            
            
            
            JVNDB: JVNDB-2017-010521 // 
            
            
            
            CNNVD: CNNVD-201711-885 // 
            
            
            
            NVD: CVE-2017-5707

REFERENCES
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr
Trust: 2.5
url:http://www.securityfocus.com/bid/101919
Trust: 1.1
url:https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
Trust: 1.1
url:https://security.netapp.com/advisory/ntap-20171120-0001/
Trust: 1.1
url:https://www.asus.com/news/wzeltg5cjyaiwgj0
Trust: 1.1
url:https://www.synology.com/support/security/synology_sa_17_73
Trust: 1.1
url:https://twitter.com/ptsecurity_uk/status/938447926128291842
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5707
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-18-060-01
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5707
Trust: 0.8
url:http://www.intel.com/content/www/us/en/homepage.html
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37806 // 
            
            
            
            VULHUB: VHN-113910 // 
            
            
            
            BID: 101919 // 
            
            
            
            JVNDB: JVNDB-2017-010521 // 
            
            
            
            CNNVD: CNNVD-201711-885 // 
            
            
            
            NVD: CVE-2017-5707

CREDITS
Mark Ermolov and Maxim Goryachy from Positive Technologies
Trust: 0.3
sources:
            
            
            BID: 101919

SOURCES
db:IVDid:e2dff631-39ab-11e9-980f-000c29342cb1
db:CNVDid:CNVD-2017-37806
db:VULHUBid:VHN-113910
db:BIDid:101919
db:JVNDBid:JVNDB-2017-010521
db:CNNVDid:CNNVD-201711-885
db:NVDid:CVE-2017-5707

LAST UPDATE DATE
2024-11-23T21:53:37.940000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-37806date:2017-12-21T00:00:00
db:VULHUBid:VHN-113910date:2018-05-11T00:00:00
db:BIDid:101919date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2017-010521date:2019-07-10T00:00:00
db:CNNVDid:CNNVD-201711-885date:2017-11-22T00:00:00
db:NVDid:CVE-2017-5707date:2024-11-21T03:28:15.790

SOURCES RELEASE DATE
db:IVDid:e2dff631-39ab-11e9-980f-000c29342cb1date:2017-12-21T00:00:00
db:CNVDid:CNVD-2017-37806date:2017-12-21T00:00:00
db:VULHUBid:VHN-113910date:2017-11-21T00:00:00
db:BIDid:101919date:2017-11-20T00:00:00
db:JVNDBid:JVNDB-2017-010521date:2017-12-18T00:00:00
db:CNNVDid:CNNVD-201711-885date:2017-11-22T00:00:00
db:NVDid:CVE-2017-5707date:2017-11-21T14:29:00.370