Details of VAR-201901-0450

ID

VAR-201901-0450

CVE

CVE-2017-3718

TITLE

Intel(R) NUC kits Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2019-001535

DESCRIPTION

Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access. Intel(R) NUC kits Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelNUCKitNUC7CJYH and other are all mini-host products of Intel Corporation of the United States. There is a configuration error vulnerability in the system firmware in several Intel products. An attacker with a physical location nearby can exploit this vulnerability to increase privileges. ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules such as news release, forum and photo album. The following products are affected: Intel NUC Kit NUC7CJYH ; NUC Kit NUC8i7HNK ; Compute Card CD1M3128MK ; Compute Card CD1IV128MK ; Compute Card CD1P64GK ; NUC Kit NUC7i7DNKE ; NUC Kit NUC7i5DNKE ; NUC Kit NUC7i3DNHE ; NUC Kit NUC7i7BNH ; NUC Kit NUC6CAYS ; NUC Kit DE3815TYBE ; NUC Kit NUC6i5SYH ; NUC Kit NUC6i7KYK ; NUC Kit NUC5PGYH ; NUC Kit NUC5CPYH ; NUC Kit NUC5i7RYH ; NUC Kit NUC5i5MYHE ; NUC Kit NUC5i3MYHE ; NUC Kit DE3815TYBE ; NUC Kit DN2820FYKH ; NUC Kit D54250WYB ; NUC Kit D53427RKE ; NUC Kit D33217GKE ; Compute Stick STK2mv64CC; Compute Stick STK2m3W64CC; Compute Stick STK1AW32SC; Compute Stick STCK1A32WFC

Trust: 2.25

sources: NVD: CVE-2017-3718 // JVNDB: JVNDB-2019-001535 // CNVD: CNVD-2019-02512 // VULHUB: VHN-111921

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-02512

AFFECTED PRODUCTS

vendor:	intel	model:	compute card	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	nuc kit	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	compute stick	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	compute card	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	compute stick	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	nuc kit nuc7cjyh	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc8i7hnk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute card cd1m3128mk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute card cd1iv128mk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute card cd1p64gk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit de3815tybe	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc6cays	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc7i7bnh	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc7i3dnhe	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc7i5dnke	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc7i7dnke	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc6i7kyk	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	nuc kit nuc6i5syh	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute stick stk2mv64cc	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute stick stk2m3w64cc	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute stick stk1aw32sc	scope:	-	version:	-	Trust: 0.6
vendor:	intel	model:	compute stick stck1a32wfc	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-02512 // JVNDB: JVNDB-2019-001535 // NVD: CVE-2017-3718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3718
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3718
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-02512
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201901-337
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-111921
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3718
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-02512
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-111921
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3718
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.3
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-02512 // VULHUB: VHN-111921 // JVNDB: JVNDB-2019-001535 // CNNVD: CNNVD-201901-337 // NVD: CVE-2017-3718

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-111921 // JVNDB: JVNDB-2019-001535 // NVD: CVE-2017-3718

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201901-337

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001535

PATCH

title:	INTEL-SA-00144	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00144.html	Trust: 0.8
title:	Patches for multiple Intel product configuration error vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/151151	Trust: 0.6
title:	Multiple Intel Product configuration error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88512	Trust: 0.6

sources: CNVD: CNVD-2019-02512 // JVNDB: JVNDB-2019-001535 // CNNVD: CNNVD-201901-337

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3718	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-001535	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-337	Trust: 0.7
db:	CNVD	id:	CNVD-2019-02512	Trust: 0.6
db:	VULHUB	id:	VHN-111921	Trust: 0.1

sources: CNVD: CNVD-2019-02512 // VULHUB: VHN-111921 // JVNDB: JVNDB-2019-001535 // CNNVD: CNNVD-201901-337 // NVD: CVE-2017-3718

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00144.html	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3718	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3718	Trust: 0.8

sources: CNVD: CNVD-2019-02512 // VULHUB: VHN-111921 // JVNDB: JVNDB-2019-001535 // CNNVD: CNNVD-201901-337 // NVD: CVE-2017-3718

SOURCES

db:	CNVD	id:	CNVD-2019-02512
db:	VULHUB	id:	VHN-111921
db:	JVNDB	id:	JVNDB-2019-001535
db:	CNNVD	id:	CNNVD-201901-337
db:	NVD	id:	CVE-2017-3718

LAST UPDATE DATE

2024-11-23T22:21:51.674000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-02512	date:	2019-01-23T00:00:00
db:	VULHUB	id:	VHN-111921	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-001535	date:	2019-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201901-337	date:	2021-07-09T00:00:00
db:	NVD	id:	CVE-2017-3718	date:	2024-11-21T03:26:01.080

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-02512	date:	2019-01-23T00:00:00
db:	VULHUB	id:	VHN-111921	date:	2019-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001535	date:	2019-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201901-337	date:	2019-01-11T00:00:00
db:	NVD	id:	CVE-2017-3718	date:	2019-01-10T20:29:00.237