Vulnerability CVE-2017-5703

Vulnerability CVE-2017-5703

Published: 2018-04-03

Description:

Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service.

Type:

CWE-269

(Improper Privilege Management)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.6/10	4.9/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	Partial

Affected software
Intel -> Xeon e7-8880 v4
Intel -> Celeron n2805
Intel -> Xeon phi 7230f
Intel -> Core i7-5600u
Intel -> Core i7-6700
Intel -> Core i7-7567u
Intel -> Core i7-8700b
Intel -> Xeon 3106
Intel -> Xeon 6126f
Intel -> Xeon 6142f
Intel -> Xeon 8164
Intel -> Xeon d-1529
Intel -> Xeon d-2141i
Intel -> Xeon e3-1230 v5
Intel -> Xeon e3-1285 v6
Intel -> Xeon e3-1585l v5
Intel -> Atom c2750
Intel -> Xeon e7-4850 v4
Intel -> Atom c3958
Intel -> Xeon e7-8880l v2
Intel -> Celeron n2806
Intel -> Xeon phi 7250
Intel -> Core i7-5650u
Intel -> Core i7-6700hq
Intel -> Core i7-7600u
Intel -> Core i7-8700k
Intel -> Xeon 4108
Intel -> Xeon 6126t
Intel -> Xeon 6142m
Intel -> Xeon 8168
Intel -> Xeon d-1531
Intel -> Xeon d-2142it
Intel -> Xeon e3-1230 v6
Intel -> Xeon e3-1501l v6
Intel -> Atom c2308
Intel -> Xeon e7-2850 v2
Intel -> Atom c2758
Intel -> Xeon e7-4860 v2
Intel -> Atom x5-e3930
Intel -> Xeon e7-8880l v3
Intel -> Celeron n2807
Intel -> Xeon phi 7250f
Intel -> Core i7-5700eq
Intel -> Core i7-6700k
Intel -> Core i7-7660u
Intel -> Core i7-8700t
Intel -> Xeon 4109t
Intel -> Xeon 6128
Intel -> Xeon 6144
Intel -> Xeon 8170
Intel -> Xeon d-1533n
Intel -> Xeon d-2143it
Intel -> Xeon e3-1235l v5
Intel -> Xeon e3-1501m v6
Intel -> Atom c2316
Intel -> Xeon e7-2870 v2
Intel -> Atom c3308
Intel -> Xeon e7-4870 v2
Intel -> Atom x5-e3940
Intel -> Xeon e7-8890 v2
Intel -> Celeron n2808
Intel -> Xeon phi 7290
Intel -> Core i7-5700hq
Intel -> Core i7-6700t
Intel -> Core i7-7700
Intel -> Core i7-8705g
Intel -> Xeon 4110
Intel -> Xeon 6130
Intel -> Xeon 6146
Intel -> Xeon 8170m
Intel -> Xeon d-1537
Intel -> Xeon d-2145nt
Intel -> Xeon e3-1240 v5
Intel -> Xeon e3-1505l v5
Intel -> Atom c2338
Intel -> Xeon e7-2880 v2
Intel -> Atom c3338
Intel -> Xeon e7-4880 v2
Intel -> Atom x5-e8000
Intel -> Xeon e7-8890 v3
Intel -> Celeron n2810
Intel -> Xeon phi 7290f
Intel -> Core i7-5750hq
Intel -> Core i7-6700te
Intel -> Core i7-7700hq
Intel -> Core i7-8706g
Intel -> Xeon 4112
Intel -> Xeon 6130f
Intel -> Xeon 6148
Intel -> Xeon 8176
Intel -> Xeon d-1539
Intel -> Xeon d-2146nt
Intel -> Xeon e3-1240 v6
Intel -> Xeon e3-1505l v6
Intel -> Atom c2350
Intel -> Xeon e7-2890 v2
Intel -> Atom c3508
Intel -> Xeon e7-4890 v2
Intel -> Atom x5-z8300
Intel -> Xeon e7-8890 v4

References:

http://www.securitytracker.com/id/1040626

https://security.netapp.com/advisory/ntap-20180924-0004/

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00087&languageid=en-fr

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03867en_us

Vulnerability CVE-2017-5703

Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service.

CWE-269

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:P)

3.6/10

4.9/10

3.9/10

Local

Low

No required

None

Partial

Partial

Affected software

References: