Sign-up

ID

VAR-201711-0649


CVE

CVE-2017-5710


TITLE

Intel Trusted Execution Engine Firmware Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-010524

DESCRIPTION

Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector. IntelTrustedExecutionEngineFirmware is a trusted execution engine firmware product. There are multiple local privilege elevation vulnerabilities in IntelTrustedExecutionEngine. An attacker could exploit the vulnerability to access privileged content. Intel Xeon Processor E3-1200 and others are CPUs (Central Processing Units) of Intel Corporation. kernel is one of the kernels. The following products are affected: Intel 6th, 7th, and 8th Generation Intel Core Processor Family; Intel Xeon Processor E3-1200 v5 and v6 Product Family; Intel Xeon Processor Scalable Family; Intel Xeon Processor W Family; Intel Atom C3000 Processor Family; Apollo Lake Intel Atom Processor E3900 series; Apollo Lake Intel Pentium; Celeron N and J series Processors

Trust: 2.7

sources: NVD: CVE-2017-5710 // JVNDB: JVNDB-2017-010524 // CNVD: CNVD-2017-37807 // BID: 101922 // IVD: e2df8102-39ab-11e9-8a85-000c29342cb1 // VULHUB: VHN-113913

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2df8102-39ab-11e9-8a85-000c29342cb1 // CNVD: CNVD-2017-37807

AFFECTED PRODUCTS

vendor:intelmodel:trusted execution enginescope:eqversion:3.0

Trust: 3.3

vendor:intelmodel:trusted execution enginescope:neversion:3.1.50.2222

Trust: 0.3

vendor:trusted execution enginemodel: - scope:eqversion:3.0

Trust: 0.2

sources: IVD: e2df8102-39ab-11e9-8a85-000c29342cb1 // CNVD: CNVD-2017-37807 // BID: 101922 // JVNDB: JVNDB-2017-010524 // CNNVD: CNNVD-201711-882 // NVD: CVE-2017-5710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5710
value: HIGH

Trust: 1.0

NVD: CVE-2017-5710
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37807
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-882
value: HIGH

Trust: 0.6

IVD: e2df8102-39ab-11e9-8a85-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-113913
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5710
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37807
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2df8102-39ab-11e9-8a85-000c29342cb1
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-113913
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5710
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2df8102-39ab-11e9-8a85-000c29342cb1 // CNVD: CNVD-2017-37807 // VULHUB: VHN-113913 // JVNDB: JVNDB-2017-010524 // CNNVD: CNNVD-201711-882 // NVD: CVE-2017-5710

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-113913 // JVNDB: JVNDB-2017-010524 // NVD: CVE-2017-5710

THREAT TYPE

local

Trust: 0.9

sources: BID: 101922 // CNNVD: CNNVD-201711-882

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-882

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:intel:trusted_execution_engine_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2017-010524

PATCH

title:INTEL-SA-00086url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Trust: 0.8

title:NTAP-20171120-0001url:https://security.netapp.com/advisory/ntap-20171120-0001/

Trust: 0.8

title:IntelTrustedExecutionEngine has multiple patches for local privilege escalation vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/111361

Trust: 0.6

title:Multiple Intel product Trusted Execution Engine Firmware Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76614

Trust: 0.6

sources: CNVD: CNVD-2017-37807 // JVNDB: JVNDB-2017-010524 // CNNVD: CNNVD-201711-882

EXTERNAL IDS

db:NVDid:CVE-2017-5710

Trust: 3.6

db:BIDid:101922

Trust: 2.6

db:SIEMENSid:SSA-892715

Trust: 1.7

db:CNNVDid:CNNVD-201711-882

Trust: 0.9

db:CNVDid:CNVD-2017-37807

Trust: 0.8

db:ICS CERTid:ICSA-18-060-01

Trust: 0.8

db:JVNDBid:JVNDB-2017-010524

Trust: 0.8

db:IVDid:E2DF8102-39AB-11E9-8A85-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-113913

Trust: 0.1

sources: IVD: e2df8102-39ab-11e9-8a85-000c29342cb1 // CNVD: CNVD-2017-37807 // VULHUB: VHN-113913 // BID: 101922 // JVNDB: JVNDB-2017-010524 // CNNVD: CNNVD-201711-882 // NVD: CVE-2017-5710

REFERENCES

url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr

Trust: 2.5

url:http://www.securityfocus.com/bid/101922

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20171120-0001/

Trust: 1.7

url:https://www.asus.com/news/wzeltg5cjyaiwgj0

Trust: 1.7

url:https://www.synology.com/support/security/synology_sa_17_73

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5710

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-18-060-01

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-5710

Trust: 0.8

url:http://www.intel.com/content/www/us/en/homepage.html

Trust: 0.3

url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr

Trust: 0.1

sources: CNVD: CNVD-2017-37807 // VULHUB: VHN-113913 // BID: 101922 // JVNDB: JVNDB-2017-010524 // CNNVD: CNNVD-201711-882 // NVD: CVE-2017-5710

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101922

SOURCES

db:IVDid:e2df8102-39ab-11e9-8a85-000c29342cb1
db:CNVDid:CNVD-2017-37807
db:VULHUBid:VHN-113913
db:BIDid:101922
db:JVNDBid:JVNDB-2017-010524
db:CNNVDid:CNNVD-201711-882
db:NVDid:CVE-2017-5710

LAST UPDATE DATE

2024-11-23T21:53:37.763000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-37807date:2017-12-21T00:00:00
db:VULHUBid:VHN-113913date:2019-10-03T00:00:00
db:BIDid:101922date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2017-010524date:2019-07-10T00:00:00
db:CNNVDid:CNNVD-201711-882date:2019-10-23T00:00:00
db:NVDid:CVE-2017-5710date:2024-11-21T03:28:16.170

SOURCES RELEASE DATE

db:IVDid:e2df8102-39ab-11e9-8a85-000c29342cb1date:2017-12-21T00:00:00
db:CNVDid:CNVD-2017-37807date:2017-12-21T00:00:00
db:VULHUBid:VHN-113913date:2017-11-21T00:00:00
db:BIDid:101922date:2017-11-20T00:00:00
db:JVNDBid:JVNDB-2017-010524date:2017-12-18T00:00:00
db:CNNVDid:CNNVD-201711-882date:2017-11-22T00:00:00
db:NVDid:CVE-2017-5710date:2017-11-21T14:29:00.480