var-201704-0655
Vulnerability from variot
The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. IntelNUC is Intel's micro PC, which is equivalent to a small desktop, allowing you to work, study and play in any room. A local information disclosure vulnerability exists in IntelNUC and ComputeStickDCI. Intel NUC and Compute Stick are prone to multiple local information-disclosure vulnerabilities. Note: This issue was previously titled 'Intel NUC and Compute Stick DCI CVE-2017-5685 Local Information Disclosure Vulnerability'. The title and technical details have been changed to better reflect the vulnerability impact. BIOS is one of the basic input input systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0655",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "stk2mv64cc bios",
"scope": "lte",
"trust": 1.0,
"vendor": "intel",
"version": "ccsklm5v.86a.0046.2017.0105.1608"
},
{
"model": "compute stick stk2mv64cc",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "cc047 (bios - i6 ccsklm5v.86a)"
},
{
"model": "compute stick systems based on 6th gen intel core processors \u003ccc047",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "stk2mv64cc bios",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "ccsklm5v.86a.0046.2017.0105.1608"
},
{
"model": "nuc6i7kyk",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc6i5syh/k",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc6i3syh/k",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "compute stick stk2mv64cc",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc6i7kyk ky0045",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "nuc6i5syh/k sy0059",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "nuc6i3syh/k sy0059",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "compute stick stk2mv64cc cc0047",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:stk2mv64cc_bios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "ccsklm5v.86a.0046.2017.0105.1608",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:stk2mv64cc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5684"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Goryachy and Mark Ermolov of Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "97408"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5684",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5684",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-10730",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-113887",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.3,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.9,
"baseSeverity": "Low",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5684",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5684",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2017-10730",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-153",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-113887",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "VULHUB",
"id": "VHN-113887"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. IntelNUC is Intel\u0027s micro PC, which is equivalent to a small desktop, allowing you to work, study and play in any room. A local information disclosure vulnerability exists in IntelNUC and ComputeStickDCI. Intel NUC and Compute Stick are prone to multiple local information-disclosure vulnerabilities. \nNote: This issue was previously titled \u0027Intel NUC and Compute Stick DCI CVE-2017-5685 Local Information Disclosure Vulnerability\u0027. The title and technical details have been changed to better reflect the vulnerability impact. BIOS is one of the basic input input systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "VULHUB",
"id": "VHN-113887"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5684",
"trust": 3.4
},
{
"db": "BID",
"id": "97408",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-10730",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-113887",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "VULHUB",
"id": "VHN-113887"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"id": "VAR-201704-0655",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "VULHUB",
"id": "VHN-113887"
}
],
"trust": 1.35398737
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
}
]
},
"last_update_date": "2023-12-18T12:37:29.153000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00073",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026languageid=en-fr"
},
{
"title": "Patch for IntelNUC and ComputeStickDCI Local Information Disclosure Vulnerability (CNVD-2017-10730)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/96213"
},
{
"title": "Intel NUC systems based on 6th Gen Intel Core BIOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=73791"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113887"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "NVD",
"id": "CVE-2017-5684"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026languageid=en-fr"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5684"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5684"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/97408"
},
{
"trust": 0.3,
"url": "http://www.intel.com/content/www/us/en/homepage.html"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026amp;languageid=en-fr"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "VULHUB",
"id": "VHN-113887"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"db": "VULHUB",
"id": "VHN-113887"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"date": "2017-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113887"
},
{
"date": "2017-04-03T00:00:00",
"db": "BID",
"id": "97408"
},
{
"date": "2017-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"date": "2017-04-03T21:59:00.187000",
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"date": "2017-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10730"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113887"
},
{
"date": "2017-04-11T00:03:00",
"db": "BID",
"id": "97408"
},
{
"date": "2017-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002978"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-5684"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "97408"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Compute Stick system\u0027s BIOS Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002978"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-153"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.