CVE-2017-5701 - Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5

CVE-2017-5701

Summary

Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery.

References

Vulnerable Configurations

cpe:2.3:o:intel:nuc7i7bnh_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i7bnh_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i7bnh:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i7bnh:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnh_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i5bnh:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i5bnh:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i5bnk_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i5bnk:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i5bnk:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnh_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i3bnh:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i3bnh:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:ayaplcel.86a.0041:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:bnkbl357.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:ccsklm5v.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:ccsklm30.86a.0052:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:dnkbli5v.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:dnkbli30.86a.0026:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:kyskli70.86a.0050:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:rybdwi35.86a.0366:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:syskli35.86a.0062:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc7i3bnk_firmware:tybyt20h.86a.0015:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i3bnk:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc7i3bnk:-:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	101257
confirm	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr

Last major update

03-10-2019 - 00:03

Published

11-10-2017 - 00:29

Last modified

03-10-2019 - 00:03