VAR-201704-0655
Vulnerability from variot - Updated: 2023-12-18 12:37The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. IntelNUC is Intel's micro PC, which is equivalent to a small desktop, allowing you to work, study and play in any room. A local information disclosure vulnerability exists in IntelNUC and ComputeStickDCI. Intel NUC and Compute Stick are prone to multiple local information-disclosure vulnerabilities. Note: This issue was previously titled 'Intel NUC and Compute Stick DCI CVE-2017-5685 Local Information Disclosure Vulnerability'. The title and technical details have been changed to better reflect the vulnerability impact. BIOS is one of the basic input input systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0655",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "stk2mv64cc bios",
"scope": "lte",
"trust": 1.0,
"vendor": "intel",
"version": "ccsklm5v.86a.0046.2017.0105.1608"
},
{
"model": "compute stick stk2mv64cc",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "cc047 (bios - i6 ccsklm5v.86a)"
},
{
"model": "compute stick systems based on 6th gen intel core processors \u003ccc047",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "stk2mv64cc bios",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "ccsklm5v.86a.0046.2017.0105.1608"
},
{
"model": "nuc6i7kyk",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc6i5syh/k",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc6i3syh/k",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "compute stick stk2mv64cc",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc6i7kyk ky0045",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "nuc6i5syh/k sy0059",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "nuc6i3syh/k sy0059",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "compute stick stk2mv64cc cc0047",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:stk2mv64cc_bios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "ccsklm5v.86a.0046.2017.0105.1608",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:stk2mv64cc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5684"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Goryachy and Mark Ermolov of Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "97408"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5684",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5684",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-10730",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-113887",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.3,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.9,
"baseSeverity": "Low",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5684",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5684",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2017-10730",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-153",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-113887",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "VULHUB",
"id": "VHN-113887"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. IntelNUC is Intel\u0027s micro PC, which is equivalent to a small desktop, allowing you to work, study and play in any room. A local information disclosure vulnerability exists in IntelNUC and ComputeStickDCI. Intel NUC and Compute Stick are prone to multiple local information-disclosure vulnerabilities. \nNote: This issue was previously titled \u0027Intel NUC and Compute Stick DCI CVE-2017-5685 Local Information Disclosure Vulnerability\u0027. The title and technical details have been changed to better reflect the vulnerability impact. BIOS is one of the basic input input systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "VULHUB",
"id": "VHN-113887"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5684",
"trust": 3.4
},
{
"db": "BID",
"id": "97408",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-10730",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-113887",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "VULHUB",
"id": "VHN-113887"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"id": "VAR-201704-0655",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "VULHUB",
"id": "VHN-113887"
}
],
"trust": 1.35398737
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
}
]
},
"last_update_date": "2023-12-18T12:37:29.153000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00073",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026languageid=en-fr"
},
{
"title": "Patch for IntelNUC and ComputeStickDCI Local Information Disclosure Vulnerability (CNVD-2017-10730)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/96213"
},
{
"title": "Intel NUC systems based on 6th Gen Intel Core BIOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=73791"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113887"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "NVD",
"id": "CVE-2017-5684"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026languageid=en-fr"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5684"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5684"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/97408"
},
{
"trust": 0.3,
"url": "http://www.intel.com/content/www/us/en/homepage.html"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026amp;languageid=en-fr"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "VULHUB",
"id": "VHN-113887"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "VULHUB",
"id": "VHN-113887"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"date": "2017-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113887"
},
{
"date": "2017-04-03T00:00:00",
"db": "BID",
"id": "97408"
},
{
"date": "2017-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"date": "2017-04-03T21:59:00.187000",
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"date": "2017-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113887"
},
{
"date": "2017-04-11T00:03:00",
"db": "BID",
"id": "97408"
},
{
"date": "2017-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "97408"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Compute Stick system\u0027s BIOS Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…