var-201704-0656
Vulnerability from variot
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information. IntelNUC is Intel's micro PC, which is equivalent to a small desktop, allowing you to work, study and play in any room. A local information disclosure vulnerability exists in IntelNUC and ComputeStickDCI. Intel NUC and Compute Stick are prone to multiple local information-disclosure vulnerabilities. Note: This issue was previously titled 'Intel NUC and Compute Stick DCI CVE-2017-5685 Local Information Disclosure Vulnerability'. The title and technical details have been changed to better reflect the vulnerability impact. BIOS is one of the basic input input systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0656",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nuc6i7kyk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": "kyskli70.86a.0042.2016.0929.1933"
},
{
"model": "nuc kit nuc6i7kyk",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc systems based on 6th gen intel core processors \u003cky0045",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc6i7kyk",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc6i5syh/k",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc6i3syh/k",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "compute stick stk2mv64cc",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc6i7kyk ky0045",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "nuc6i5syh/k sy0059",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "nuc6i3syh/k sy0059",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "compute stick stk2mv64cc cc0047",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10729"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002979"
},
{
"db": "NVD",
"id": "CVE-2017-5685"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-152"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc6i7kyk_bios:kyskli70.86a.0042.2016.0929.1933:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc6i7kyk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5685"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Goryachy and Mark Ermolov of Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "97408"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5685",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5685",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-10729",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-113888",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.3,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.9,
"baseSeverity": "Low",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5685",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5685",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2017-10729",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-152",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-113888",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10729"
},
{
"db": "VULHUB",
"id": "VHN-113888"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002979"
},
{
"db": "NVD",
"id": "CVE-2017-5685"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-152"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information. IntelNUC is Intel\u0027s micro PC, which is equivalent to a small desktop, allowing you to work, study and play in any room. A local information disclosure vulnerability exists in IntelNUC and ComputeStickDCI. Intel NUC and Compute Stick are prone to multiple local information-disclosure vulnerabilities. \nNote: This issue was previously titled \u0027Intel NUC and Compute Stick DCI CVE-2017-5685 Local Information Disclosure Vulnerability\u0027. The title and technical details have been changed to better reflect the vulnerability impact. BIOS is one of the basic input input systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5685"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002979"
},
{
"db": "CNVD",
"id": "CNVD-2017-10729"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "VULHUB",
"id": "VHN-113888"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5685",
"trust": 3.4
},
{
"db": "BID",
"id": "97408",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002979",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-152",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-10729",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-113888",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10729"
},
{
"db": "VULHUB",
"id": "VHN-113888"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002979"
},
{
"db": "NVD",
"id": "CVE-2017-5685"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-152"
}
]
},
"id": "VAR-201704-0656",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10729"
},
{
"db": "VULHUB",
"id": "VHN-113888"
}
],
"trust": 1.38599158
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10729"
}
]
},
"last_update_date": "2023-12-18T12:37:29.186000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00073",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026languageid=en-fr"
},
{
"title": "Patch for IntelNUC and ComputeStickDCI Local Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/96214"
},
{
"title": "Intel NUC systems based on 6th Gen Intel Core BIOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=73790"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10729"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002979"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-152"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113888"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002979"
},
{
"db": "NVD",
"id": "CVE-2017-5685"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/97408"
},
{
"trust": 1.9,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026languageid=en-fr"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5685"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5685"
},
{
"trust": 0.3,
"url": "http://www.intel.com/content/www/us/en/homepage.html"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026amp;languageid=en-fr"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10729"
},
{
"db": "VULHUB",
"id": "VHN-113888"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002979"
},
{
"db": "NVD",
"id": "CVE-2017-5685"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-152"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-10729"
},
{
"db": "VULHUB",
"id": "VHN-113888"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002979"
},
{
"db": "NVD",
"id": "CVE-2017-5685"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-152"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10729"
},
{
"date": "2017-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113888"
},
{
"date": "2017-04-03T00:00:00",
"db": "BID",
"id": "97408"
},
{
"date": "2017-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002979"
},
{
"date": "2017-04-03T21:59:00.220000",
"db": "NVD",
"id": "CVE-2017-5685"
},
{
"date": "2017-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-152"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10729"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113888"
},
{
"date": "2017-04-11T00:03:00",
"db": "BID",
"id": "97408"
},
{
"date": "2017-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002979"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-5685"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-152"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "97408"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-152"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel NUC system\u0027s BIOS Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002979"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-152"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.