Lucene search

MitreCVE-2017-9457

HistoryJul 25, 2017 - 2:29 p.m.

CVE-2017-9457

2017-07-2514:29:00

CWE-20

mitre

web.nvd.nist.gov

cve-2017-9457

firmware

security

uefi

signature validation

administrator privileges

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS.

Affected configurations

Nvd

Node

compulabintense_pc_firmwareRange≤cr_2.2.0.400.2

AND

compulabintense_pcMatch-

VendorProductVersionCPE
compulabintense_pc_firmware*cpe:2.3:o:compulab:intense_pc_firmware:*:*:*:*:*:*:*:*
compulabintense_pc-cpe:2.3:h:compulab:intense_pc:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
compulab	intense_pc_firmware	*	cpe:2.3:o:compulab:intense_pc_firmware::::::::
compulab	intense_pc	-	cpe:2.3:h:compulab:intense_pc:-:::::::*

References

packetstormsecurity.com/files/143481/Compulab-Intense-PC-MintBox-2-Signature-Verification.html

seclists.org/fulldisclosure/2017/Jul/56

watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

20.8%

JSON

Related for CVE-2017-9457