Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-5721

Опубликовано: 11 окт. 2017
Источник: nvd
CVSS3: 7.5
CVSS2: 4.4
EPSS Низкий

Описание

Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:intel:nuc7i7bnh_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i7bnh:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:intel:nuc7i5bnh_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i5bnh:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:intel:nuc7i5bnk_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i5bnk:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

Одно из

cpe:2.3:o:intel:nuc7i3bnh_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i3bnh:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

Одно из

cpe:2.3:o:intel:nuc7i3bnk_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i3bnk:-:*:*:*:*:*:*:*

EPSS

Процентиль: 88%
0.03989
Низкий

7.5 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

github логотип

GHSA-hg9f-cr6x-3gxw

CVSS3: 7.5
github
больше 3 лет назад

Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory.

EPSS

Процентиль: 88%
0.03989
Низкий

7.5 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-20