cvelistv5 - cve-2017-5684

CVE-2017-5684 (GCVE-0-2017-5684)

Vulnerability from cvelistv5 – Published: 2017-04-03 21:00 – Updated: 2024-08-05 15:11

Summary

The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

intel

References

URL

	Vendor	Product	Version
	Intel	Intel Compute Stick STK2MV64CC	Affected: Before CC047

CNVD-2017-10730

Vulnerability from cnvd - Published: 2017-06-22

Title

Intel NUC和Compute Stick DCI本地信息泄露漏洞（CNVD-2017-10730）

Description

Intel NUC是英特尔（Intel）公司的微型PC，它相当于小型台式机，方便您在任何房间里工作、学习和娱乐。 Intel NUC和Compute Stick DCI存在本地信息泄露漏洞。具有物理访问权限的攻击者可利用漏洞获取敏感信息，导致进一步攻击。

Severity

低

Patch Name

Intel NUC和Compute Stick DCI本地信息泄露漏洞（CNVD-2017-10730）的补丁

Patch Description

Intel NUC是英特尔（Intel）公司的微型PC，它相当于小型台式机，方便您在任何房间里工作、学习和娱乐。 Intel NUC和Compute Stick DCI存在本地信息泄露漏洞。具有物理访问权限的攻击者可利用漏洞获取敏感信息，导致进一步攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073&languageid=en-fr

Reference

http://www.securityfocus.com/bid/97408 https://nvd.nist.gov/vuln/detail/CVE-2017-5684

Impacted products

Name
Intel Compute Stick systems based on 6th Gen Intel Core processors <CC047

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97408"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5684"
    }
  },
  "description": "Intel NUC\u662f\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u5fae\u578bPC\uff0c\u5b83\u76f8\u5f53\u4e8e\u5c0f\u578b\u53f0\u5f0f\u673a\uff0c\u65b9\u4fbf\u60a8\u5728\u4efb\u4f55\u623f\u95f4\u91cc\u5de5\u4f5c\u3001\u5b66\u4e60\u548c\u5a31\u4e50\u3002\r\n\r\nIntel NUC\u548cCompute Stick DCI\u5b58\u5728\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u5177\u6709\u7269\u7406\u8bbf\u95ee\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002",
  "discovererName": "Maxim Goryachy and Mark Ermolov of Positive Technologies",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073\u0026languageid=en-fr",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-10730",
  "openTime": "2017-06-22",
  "patchDescription": "Intel NUC\u662f\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u5fae\u578bPC\uff0c\u5b83\u76f8\u5f53\u4e8e\u5c0f\u578b\u53f0\u5f0f\u673a\uff0c\u65b9\u4fbf\u60a8\u5728\u4efb\u4f55\u623f\u95f4\u91cc\u5de5\u4f5c\u3001\u5b66\u4e60\u548c\u5a31\u4e50\u3002\r\n\r\nIntel NUC\u548cCompute Stick DCI\u5b58\u5728\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u5177\u6709\u7269\u7406\u8bbf\u95ee\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel NUC\u548cCompute Stick DCI\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-10730\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Intel Compute Stick systems based on 6th Gen Intel Core processors \u003cCC047"
  },
  "referenceLink": "http://www.securityfocus.com/bid/97408\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5684",
  "serverity": "\u4f4e",
  "submitTime": "2017-05-24",
  "title": "Intel NUC\u548cCompute Stick DCI\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-10730\uff09"
}

FKIE_CVE-2017-5684

Vulnerability from fkie_nvd - Published: 2017-04-03 21:59 - Updated: 2025-04-20 01:37

Severity ?

3.9 (Low) - CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.

References

	URL	Tags
	secure@intel.com	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073&languageid=en-fr	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073&languageid=en-fr	Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	stk2mv64cc_bios	*
	intel	stk2mv64cc	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:stk2mv64cc_bios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B78291F6-734D-45E1-A06D-64D7B01AFD54",
              "versionEndIncluding": "ccsklm5v.86a.0046.2017.0105.1608",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:stk2mv64cc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9497CA1C-A3CA-4CC4-8192-69DF58630575",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information."
    },
    {
      "lang": "es",
      "value": "Los sistemas BIOS en Intel Compute Stick basados en los procesadores 6th Gen Intel Core anteriores a la versi\u00f3n CC047 puede permitir a un atacante con acceso f\u00edsico al sistema obtener acceso a informaci\u00f3n personal."
    }
  ],
  "id": "CVE-2017-5684",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.9,
          "baseSeverity": "LOW",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.3,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-03T21:59:00.187",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073\u0026languageid=en-fr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073\u0026languageid=en-fr"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201704-0655

Vulnerability from variot - Updated: 2023-12-18 12:37

The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. IntelNUC is Intel's micro PC, which is equivalent to a small desktop, allowing you to work, study and play in any room. A local information disclosure vulnerability exists in IntelNUC and ComputeStickDCI. Intel NUC and Compute Stick are prone to multiple local information-disclosure vulnerabilities. Note: This issue was previously titled 'Intel NUC and Compute Stick DCI CVE-2017-5685 Local Information Disclosure Vulnerability'. The title and technical details have been changed to better reflect the vulnerability impact. BIOS is one of the basic input input systems

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0655",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "stk2mv64cc bios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "intel",
        "version": "ccsklm5v.86a.0046.2017.0105.1608"
      },
      {
        "model": "compute stick stk2mv64cc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "intel",
        "version": "cc047   (bios - i6 ccsklm5v.86a)"
      },
      {
        "model": "compute stick systems based on 6th gen intel core processors \u003ccc047",
        "scope": null,
        "trust": 0.6,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "stk2mv64cc bios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "intel",
        "version": "ccsklm5v.86a.0046.2017.0105.1608"
      },
      {
        "model": "nuc6i7kyk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "0"
      },
      {
        "model": "nuc6i5syh/k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "0"
      },
      {
        "model": "nuc6i3syh/k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "0"
      },
      {
        "model": "compute stick stk2mv64cc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "0"
      },
      {
        "model": "nuc6i7kyk ky0045",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc6i5syh/k sy0059",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "nuc6i3syh/k sy0059",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": null
      },
      {
        "model": "compute stick stk2mv64cc cc0047",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10730"
      },
      {
        "db": "BID",
        "id": "97408"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002978"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-153"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:stk2mv64cc_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "ccsklm5v.86a.0046.2017.0105.1608",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:stk2mv64cc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5684"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Maxim Goryachy and Mark Ermolov of Positive Technologies.",
    "sources": [
      {
        "db": "BID",
        "id": "97408"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-5684",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-5684",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-10730",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-113887",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.3,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.9,
            "baseSeverity": "Low",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-5684",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-5684",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-10730",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-153",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-113887",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10730"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002978"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-153"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. IntelNUC is Intel\u0027s micro PC, which is equivalent to a small desktop, allowing you to work, study and play in any room. A local information disclosure vulnerability exists in IntelNUC and ComputeStickDCI. Intel NUC and Compute Stick are prone to multiple local information-disclosure vulnerabilities. \nNote: This issue was previously titled \u0027Intel NUC and Compute Stick DCI CVE-2017-5685 Local Information Disclosure Vulnerability\u0027. The title and technical details have been changed to better reflect the vulnerability  impact. BIOS is one of the basic input input systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5684"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002978"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10730"
      },
      {
        "db": "BID",
        "id": "97408"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113887"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-5684",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "97408",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002978",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-153",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10730",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-113887",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10730"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113887"
      },
      {
        "db": "BID",
        "id": "97408"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002978"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-153"
      }
    ]
  },
  "id": "VAR-201704-0655",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10730"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113887"
      }
    ],
    "trust": 1.35398737
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10730"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:37:29.153000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "INTEL-SA-00073",
        "trust": 0.8,
        "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026languageid=en-fr"
      },
      {
        "title": "Patch for IntelNUC and ComputeStickDCI Local Information Disclosure Vulnerability (CNVD-2017-10730)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/96213"
      },
      {
        "title": "Intel NUC systems based on 6th Gen Intel Core BIOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=73791"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10730"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002978"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-153"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-276",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002978"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5684"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026languageid=en-fr"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5684"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5684"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/97408"
      },
      {
        "trust": 0.3,
        "url": "http://www.intel.com/content/www/us/en/homepage.html"
      },
      {
        "trust": 0.1,
        "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026amp;languageid=en-fr"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10730"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113887"
      },
      {
        "db": "BID",
        "id": "97408"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002978"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-153"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10730"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113887"
      },
      {
        "db": "BID",
        "id": "97408"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002978"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-153"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10730"
      },
      {
        "date": "2017-04-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113887"
      },
      {
        "date": "2017-04-03T00:00:00",
        "db": "BID",
        "id": "97408"
      },
      {
        "date": "2017-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002978"
      },
      {
        "date": "2017-04-03T21:59:00.187000",
        "db": "NVD",
        "id": "CVE-2017-5684"
      },
      {
        "date": "2017-04-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-153"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10730"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113887"
      },
      {
        "date": "2017-04-11T00:03:00",
        "db": "BID",
        "id": "97408"
      },
      {
        "date": "2017-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002978"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-5684"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-153"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "97408"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-153"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Intel Compute Stick system\u0027s  BIOS Vulnerabilities that gain access",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002978"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-153"
      }
    ],
    "trust": 0.6
  }
}

GHSA-XC65-HJQF-58GR

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46

Details

The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.

Severity ?

3.9 (Low)


                  
                    CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-5684"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-03T21:59:00Z",
    "severity": "LOW"
  },
  "details": "The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.",
  "id": "GHSA-xc65-hjqf-58gr",
  "modified": "2022-05-13T01:46:15Z",
  "published": "2022-05-13T01:46:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5684"
    },
    {
      "type": "WEB",
      "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073\u0026languageid=en-fr"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-5684

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.

Aliases

CVE-2017-5684

Aliases

CVE-2017-5684

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-5684",
    "description": "The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.",
    "id": "GSD-2017-5684"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-5684"
      ],
      "details": "The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.",
      "id": "GSD-2017-5684",
      "modified": "2023-12-13T01:21:14.169056Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2017-5684",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel Compute Stick STK2MV64CC",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Before CC047"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Intel"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073\u0026languageid=en-fr",
            "refsource": "CONFIRM",
            "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073\u0026languageid=en-fr"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:stk2mv64cc_bios:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "ccsklm5v.86a.0046.2017.0105.1608",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:stk2mv64cc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2017-5684"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-276"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073\u0026languageid=en-fr",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00073\u0026languageid=en-fr"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 0.3,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-04-03T21:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-5684 (GCVE-0-2017-5684)

CNVD-2017-10730

FKIE_CVE-2017-5684

VAR-201704-0655

GHSA-XC65-HJQF-58GR

GSD-2017-5684

Tags

Sightings

Nomenclature