Intel® NUC BIOS Security Updates

Summary:

This update mitigates multiple vulnerabilities related to security features in certain Intel® NUC system firmware (BIOS).

Description:

BIOS Administrator and User password bypass: Insufficient protection of password storage in system firmware for NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attacker to bypass Administrator and User passwords via access to password storage.

• CVE-2017-5700 – 7.1 (High): CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

SPI Write Protection Bypass: Insecure platform configuration in system firmare for NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery.

• CVE-2017-5701 – 7.1 (High): CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

SMM Privilege Elevation: Insufficient input validation in system firmware for NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 allows local attacker to execute arbitrary code via manipulation of memory.

• CVE-2017-5721 - 7.5 (High): CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Boot Guard Bypass: Incorrect policy enforcement in system firmware for NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 allows attacker with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.

• CVE-2017-5722 - 7.5 (High): CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products:

The following Intel NUC and Compute Stick products have BIOS updates to mitigate these issues: