var-201901-0450
Vulnerability from variot
Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access. Intel(R) NUC kits Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelNUCKitNUC7CJYH and other are all mini-host products of Intel Corporation of the United States. There is a configuration error vulnerability in the system firmware in several Intel products. An attacker with a physical location nearby can exploit this vulnerability to increase privileges. ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules such as news release, forum and photo album. The following products are affected: Intel NUC Kit NUC7CJYH ; NUC Kit NUC8i7HNK ; Compute Card CD1M3128MK ; Compute Card CD1IV128MK ; Compute Card CD1P64GK ; NUC Kit NUC7i7DNKE ; NUC Kit NUC7i5DNKE ; NUC Kit NUC7i3DNHE ; NUC Kit NUC7i7BNH ; NUC Kit NUC6CAYS ; NUC Kit DE3815TYBE ; NUC Kit NUC6i5SYH ; NUC Kit NUC6i7KYK ; NUC Kit NUC5PGYH ; NUC Kit NUC5CPYH ; NUC Kit NUC5i7RYH ; NUC Kit NUC5i5MYHE ; NUC Kit NUC5i3MYHE ; NUC Kit DE3815TYBE ; NUC Kit DN2820FYKH ; NUC Kit D54250WYB ; NUC Kit D53427RKE ; NUC Kit D33217GKE ; Compute Stick STK2mv64CC; Compute Stick STK2m3W64CC; Compute Stick STK1AW32SC; Compute Stick STCK1A32WFC
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0450",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "compute card",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "compute stick",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "compute card",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "compute stick",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7cjyh",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc8i7hnk",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "compute card cd1m3128mk",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "compute card cd1iv128mk",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "compute card cd1p64gk",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit de3815tybe",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc6cays",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7i7bnh",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7i3dnhe",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7i5dnke",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7i7dnke",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc6i7kyk",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc6i5syh",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "compute stick stk2mv64cc",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "compute stick stk2m3w64cc",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "compute stick stk1aw32sc",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "compute stick stck1a32wfc",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-02512"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001535"
},
{
"db": "NVD",
"id": "CVE-2017-3718"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:intel:compute_card_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:compute_stick_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:nuc_kit_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001535"
}
]
},
"cve": "CVE-2017-3718",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-3718",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-02512",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-111921",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.3,
"id": "CVE-2017-3718",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3718",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-3718",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-02512",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-337",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-111921",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-02512"
},
{
"db": "VULHUB",
"id": "VHN-111921"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001535"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-337"
},
{
"db": "NVD",
"id": "CVE-2017-3718"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access. Intel(R) NUC kits Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelNUCKitNUC7CJYH and other are all mini-host products of Intel Corporation of the United States. There is a configuration error vulnerability in the system firmware in several Intel products. An attacker with a physical location nearby can exploit this vulnerability to increase privileges. ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules such as news release, forum and photo album. The following products are affected: Intel NUC Kit NUC7CJYH ; NUC Kit NUC8i7HNK ; Compute Card CD1M3128MK ; Compute Card CD1IV128MK ; Compute Card CD1P64GK ; NUC Kit NUC7i7DNKE ; NUC Kit NUC7i5DNKE ; NUC Kit NUC7i3DNHE ; NUC Kit NUC7i7BNH ; NUC Kit NUC6CAYS ; NUC Kit DE3815TYBE ; NUC Kit NUC6i5SYH ; NUC Kit NUC6i7KYK ; NUC Kit NUC5PGYH ; NUC Kit NUC5CPYH ; NUC Kit NUC5i7RYH ; NUC Kit NUC5i5MYHE ; NUC Kit NUC5i3MYHE ; NUC Kit DE3815TYBE ; NUC Kit DN2820FYKH ; NUC Kit D54250WYB ; NUC Kit D53427RKE ; NUC Kit D33217GKE ; Compute Stick STK2mv64CC; Compute Stick STK2m3W64CC; Compute Stick STK1AW32SC; Compute Stick STCK1A32WFC",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3718"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001535"
},
{
"db": "CNVD",
"id": "CNVD-2019-02512"
},
{
"db": "VULHUB",
"id": "VHN-111921"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3718",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001535",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-337",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-02512",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-111921",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-02512"
},
{
"db": "VULHUB",
"id": "VHN-111921"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001535"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-337"
},
{
"db": "NVD",
"id": "CVE-2017-3718"
}
]
},
"id": "VAR-201901-0450",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-02512"
},
{
"db": "VULHUB",
"id": "VHN-111921"
}
],
"trust": 1.3857430205882353
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-02512"
}
]
},
"last_update_date": "2024-11-23T22:21:51.674000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00144",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00144.html"
},
{
"title": "Patches for multiple Intel product configuration error vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/151151"
},
{
"title": "Multiple Intel Product configuration error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88512"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-02512"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001535"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-337"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111921"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001535"
},
{
"db": "NVD",
"id": "CVE-2017-3718"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00144.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3718"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3718"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-02512"
},
{
"db": "VULHUB",
"id": "VHN-111921"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001535"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-337"
},
{
"db": "NVD",
"id": "CVE-2017-3718"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-02512"
},
{
"db": "VULHUB",
"id": "VHN-111921"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001535"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-337"
},
{
"db": "NVD",
"id": "CVE-2017-3718"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-02512"
},
{
"date": "2019-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-111921"
},
{
"date": "2019-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001535"
},
{
"date": "2019-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-337"
},
{
"date": "2019-01-10T20:29:00.237000",
"db": "NVD",
"id": "CVE-2017-3718"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-02512"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-111921"
},
{
"date": "2019-03-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001535"
},
{
"date": "2021-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-337"
},
{
"date": "2024-11-21T03:26:01.080000",
"db": "NVD",
"id": "CVE-2017-3718"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel(R) NUC kits Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001535"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-337"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…