CVE-2017-9457

Опубликовано: 25 июл. 2017

Источник: nvd

CVSS3: 6.7

CVSS2: 7.2

EPSS Низкий

Описание

Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS.

Ссылки

http://packetstormsecurity.com/files/143481/Compulab-Intense-PC-MintBox-2-Signature-Verification.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Jul/56
Mailing List
Third Party Advisory
https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/
Third Party Advisory
http://packetstormsecurity.com/files/143481/Compulab-Intense-PC-MintBox-2-Signature-Verification.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Jul/56
Mailing List
Third Party Advisory
https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:compulab:intense_pc_firmware:*:*:*:*:*:*:*:*

Версия до cr_2.2.0.400.2 (включая)

cpe:2.3:h:compulab:intense_pc:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00096

Низкий

6.7 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-9q3p-fv9f-wwxj