Vulnerability CVE-2017-5691


Published: 2017-07-26

Description:
Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state.

Vendor: Intel
Product: R1304sposhorr bios 
Product: Nuc6i5syk bios 
Product: R1208sposhorr bios 
Product: Nuc7i3bnk bios 
Product: S1200splr bios 
Product: R1304sposhbn bios 
Product: R1304sposhbnr bios 
Product: Nuc6i7kyk bios 
Product: Nuc6i3syk bios 
Product: R1304sposhor bios 
Product: Stk2m3w64cc bios 
Product: R1208sposhor bios 
Product: Lr1304spcfg1 bios 
Product: S1200spl bios 
Product: Nuc7i7bnh bios 
Product: S1200spo bios 
Product: Nuc7i5bnk bios 
Product: Stk2mv64cc bios 
Product: Lr1304spcfg1r bios 
Product: S1200spor bios 
Product: S1200sps bios 
Product: S1200spsr bios 

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesb3p03767en_us
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00076&languageid=en-fr
https://support.lenovo.com/us/en/product_security/LEN-15184

Related CVE
CVE-2019-0135
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in RSTe v5.5 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0129
Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0121
Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2018-18091
Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may all...
CVE-2018-18090
Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow ...
CVE-2018-18089
Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 m...
CVE-2018-12224
Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an a...
CVE-2018-12223
Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6...

Copyright 2019, cxsecurity.com

 

Back to Top