var-201704-0657
Vulnerability from variot
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information. IntelNUC is a micro PC from Intel Corporation. IntelNUC has a local information disclosure vulnerability. Intel NUC and Compute Stick are prone to multiple local information-disclosure vulnerabilities. Note: This issue was previously titled 'Intel NUC and Compute Stick DCI CVE-2017-5685 Local Information Disclosure Vulnerability'. The title and technical details have been changed to better reflect the vulnerability impact. BIOS is one of the basic input input systems
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0657", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "nuc6i3syk bios", scope: "lte", trust: 1, vendor: "intel", version: "syskli35.86a.0057.2017.0119.1758", }, { model: "nuc6i3syh bios", scope: "lte", trust: 1, vendor: "intel", version: "syskli35.86a.0057.2017.0119.1758", }, { model: "nuc kit nuc6i3syh", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "nuc kit nuc6i3syk", scope: null, trust: 0.8, vendor: "intel", version: null, }, { model: "nuc systems based on 6th gen intel core processors <sy0059", scope: null, trust: 0.6, vendor: "intel", version: null, }, { model: "nuc6i3syh bios", scope: "eq", trust: 0.6, vendor: "intel", version: "syskli35.86a.0057.2017.0119.1758", }, { model: "nuc6i3syk bios", scope: "eq", trust: 0.6, vendor: "intel", version: "syskli35.86a.0057.2017.0119.1758", }, { model: "nuc6i7kyk", scope: "eq", trust: 0.3, vendor: "intel", version: "0", }, { model: "nuc6i5syh/k", scope: "eq", trust: 0.3, vendor: "intel", version: "0", }, { model: "nuc6i3syh/k", scope: "eq", trust: 0.3, vendor: "intel", version: "0", }, { model: "compute stick stk2mv64cc", scope: "eq", trust: 0.3, vendor: "intel", version: "0", }, { model: "nuc6i7kyk ky0045", scope: "ne", trust: 0.3, vendor: "intel", version: null, }, { model: "nuc6i5syh/k sy0059", scope: "ne", trust: 0.3, vendor: "intel", version: null, }, { model: "nuc6i3syh/k sy0059", scope: "ne", trust: 0.3, vendor: "intel", version: null, }, { model: "compute stick stk2mv64cc cc0047", scope: "ne", trust: 0.3, vendor: "intel", version: null, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-09916", }, { db: "BID", id: "97408", }, { db: "JVNDB", id: "JVNDB-2017-002980", }, { db: "NVD", id: "CVE-2017-5686", }, { db: "CNNVD", id: "CNNVD-201704-151", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:nuc6i3syh_bios:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "syskli35.86a.0057.2017.0119.1758", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:nuc6i5syh:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intel:nuc6i3syk_bios:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "syskli35.86a.0057.2017.0119.1758", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intel:nuc6i3syk:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2017-5686", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Maxim Goryachy and Mark Ermolov of Positive Technologies.", sources: [ { db: "BID", id: "97408", }, ], trust: 0.3, }, cve: "CVE-2017-5686", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: true, accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Local", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 2.1, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2017-5686", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.8, userInteractionRequired: null, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "CNVD-2017-09916", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.6, vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", exploitabilityScore: 3.9, id: "VHN-113889", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.1, vectorString: "AV:L/AC:L/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "PHYSICAL", author: "NVD", availabilityImpact: "NONE", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "HIGH", exploitabilityScore: 0.3, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Physical", author: "NVD", availabilityImpact: "None", baseScore: 3.9, baseSeverity: "Low", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2017-5686", impactScore: null, integrityImpact: "None", privilegesRequired: "High", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2017-5686", trust: 1.8, value: "LOW", }, { author: "CNVD", id: "CNVD-2017-09916", trust: 0.6, value: "LOW", }, { author: "CNNVD", id: "CNNVD-201704-151", trust: 0.6, value: "LOW", }, { author: "VULHUB", id: "VHN-113889", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2017-09916", }, { db: "VULHUB", id: "VHN-113889", }, { db: "JVNDB", id: "JVNDB-2017-002980", }, { db: "NVD", id: "CVE-2017-5686", }, { db: "CNNVD", id: "CNNVD-201704-151", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information. IntelNUC is a micro PC from Intel Corporation. IntelNUC has a local information disclosure vulnerability. Intel NUC and Compute Stick are prone to multiple local information-disclosure vulnerabilities. \nNote: This issue was previously titled 'Intel NUC and Compute Stick DCI CVE-2017-5685 Local Information Disclosure Vulnerability'. The title and technical details have been changed to better reflect the vulnerability impact. BIOS is one of the basic input input systems", sources: [ { db: "NVD", id: "CVE-2017-5686", }, { db: "JVNDB", id: "JVNDB-2017-002980", }, { db: "CNVD", id: "CNVD-2017-09916", }, { db: "BID", id: "97408", }, { db: "VULHUB", id: "VHN-113889", }, ], trust: 2.52, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2017-5686", trust: 3.4, }, { db: "BID", id: "97408", trust: 0.9, }, { db: "JVNDB", id: "JVNDB-2017-002980", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201704-151", trust: 0.7, }, { db: "CNVD", id: "CNVD-2017-09916", trust: 0.6, }, { db: "VULHUB", id: "VHN-113889", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-09916", }, { db: "VULHUB", id: "VHN-113889", }, { db: "BID", id: "97408", }, { db: "JVNDB", id: "JVNDB-2017-002980", }, { db: "NVD", id: "CVE-2017-5686", }, { db: "CNNVD", id: "CNNVD-201704-151", }, ], }, id: "VAR-201704-0657", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2017-09916", }, { db: "VULHUB", id: "VHN-113889", }, ], trust: 1.35398737, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2017-09916", }, ], }, last_update_date: "2023-12-18T12:37:29.121000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "INTEL-SA-00073", trust: 0.8, url: "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073&languageid=en-fr", }, { title: "IntelNUC Information Disclosure Vulnerability Patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/95624", }, { title: "Intel NUC systems based on 6th Gen Intel Core BIOS Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=73789", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-09916", }, { db: "JVNDB", id: "JVNDB-2017-002980", }, { db: "CNNVD", id: "CNNVD-201704-151", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-276", trust: 1.1, }, { problemtype: "CWE-284", trust: 0.9, }, ], sources: [ { db: "VULHUB", id: "VHN-113889", }, { db: "JVNDB", id: "JVNDB-2017-002980", }, { db: "NVD", id: "CVE-2017-5686", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.9, url: "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073&languageid=en-fr", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2017-5686", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5686", }, { trust: 0.6, url: "http://www.securityfocus.com/bid/97408", }, { trust: 0.3, url: "http://www.intel.com/content/www/us/en/homepage.html", }, { trust: 0.1, url: "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073&languageid=en-fr", }, ], sources: [ { db: "CNVD", id: "CNVD-2017-09916", }, { db: "VULHUB", id: "VHN-113889", }, { db: "BID", id: "97408", }, { db: "JVNDB", id: "JVNDB-2017-002980", }, { db: "NVD", id: "CVE-2017-5686", }, { db: "CNNVD", id: "CNNVD-201704-151", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2017-09916", }, { db: "VULHUB", id: "VHN-113889", }, { db: "BID", id: "97408", }, { db: "JVNDB", id: "JVNDB-2017-002980", }, { db: "NVD", id: "CVE-2017-5686", }, { db: "CNNVD", id: "CNNVD-201704-151", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-06-16T00:00:00", db: "CNVD", id: "CNVD-2017-09916", }, { date: "2017-04-03T00:00:00", db: "VULHUB", id: "VHN-113889", }, { date: "2017-04-03T00:00:00", db: "BID", id: "97408", }, { date: "2017-05-10T00:00:00", db: "JVNDB", id: "JVNDB-2017-002980", }, { date: "2017-04-03T21:59:00.250000", db: "NVD", id: "CVE-2017-5686", }, { date: "2017-04-03T00:00:00", db: "CNNVD", id: "CNNVD-201704-151", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-06-16T00:00:00", db: "CNVD", id: "CNVD-2017-09916", }, { date: "2019-10-03T00:00:00", db: "VULHUB", id: "VHN-113889", }, { date: "2017-04-11T00:03:00", db: "BID", id: "97408", }, { date: "2017-05-10T00:00:00", db: "JVNDB", id: "JVNDB-2017-002980", }, { date: "2019-10-03T00:03:26.223000", db: "NVD", id: "CVE-2017-5686", }, { date: "2019-10-23T00:00:00", db: "CNNVD", id: "CNNVD-201704-151", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "BID", id: "97408", }, { db: "CNNVD", id: "CNNVD-201704-151", }, ], trust: 0.9, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Intel NUC system's BIOS Vulnerabilities that gain access", sources: [ { db: "JVNDB", id: "JVNDB-2017-002980", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "lack of information", sources: [ { db: "CNNVD", id: "CNNVD-201704-151", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.