VAR-201704-0657
Vulnerability from variot - Updated: 2023-12-18 12:37The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information. IntelNUC is a micro PC from Intel Corporation. IntelNUC has a local information disclosure vulnerability. Intel NUC and Compute Stick are prone to multiple local information-disclosure vulnerabilities. Note: This issue was previously titled 'Intel NUC and Compute Stick DCI CVE-2017-5685 Local Information Disclosure Vulnerability'. The title and technical details have been changed to better reflect the vulnerability impact. BIOS is one of the basic input input systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0657",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nuc6i3syk bios",
"scope": "lte",
"trust": 1.0,
"vendor": "intel",
"version": "syskli35.86a.0057.2017.0119.1758"
},
{
"model": "nuc6i3syh bios",
"scope": "lte",
"trust": 1.0,
"vendor": "intel",
"version": "syskli35.86a.0057.2017.0119.1758"
},
{
"model": "nuc kit nuc6i3syh",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc6i3syk",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc systems based on 6th gen intel core processors \u003csy0059",
"scope": null,
"trust": 0.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc6i3syh bios",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "syskli35.86a.0057.2017.0119.1758"
},
{
"model": "nuc6i3syk bios",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "syskli35.86a.0057.2017.0119.1758"
},
{
"model": "nuc6i7kyk",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc6i5syh/k",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc6i3syh/k",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "compute stick stk2mv64cc",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "nuc6i7kyk ky0045",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "nuc6i5syh/k sy0059",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "nuc6i3syh/k sy0059",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "compute stick stk2mv64cc cc0047",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09916"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002980"
},
{
"db": "NVD",
"id": "CVE-2017-5686"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-151"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc6i3syh_bios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "syskli35.86a.0057.2017.0119.1758",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc6i5syh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc6i3syk_bios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "syskli35.86a.0057.2017.0119.1758",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc6i3syk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5686"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Goryachy and Mark Ermolov of Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "97408"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5686",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5686",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-09916",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-113889",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.3,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.9,
"baseSeverity": "Low",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5686",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5686",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2017-09916",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-151",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-113889",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09916"
},
{
"db": "VULHUB",
"id": "VHN-113889"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002980"
},
{
"db": "NVD",
"id": "CVE-2017-5686"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-151"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information. IntelNUC is a micro PC from Intel Corporation. IntelNUC has a local information disclosure vulnerability. Intel NUC and Compute Stick are prone to multiple local information-disclosure vulnerabilities. \nNote: This issue was previously titled \u0027Intel NUC and Compute Stick DCI CVE-2017-5685 Local Information Disclosure Vulnerability\u0027. The title and technical details have been changed to better reflect the vulnerability impact. BIOS is one of the basic input input systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5686"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002980"
},
{
"db": "CNVD",
"id": "CNVD-2017-09916"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "VULHUB",
"id": "VHN-113889"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5686",
"trust": 3.4
},
{
"db": "BID",
"id": "97408",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002980",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-151",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-09916",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-113889",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09916"
},
{
"db": "VULHUB",
"id": "VHN-113889"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002980"
},
{
"db": "NVD",
"id": "CVE-2017-5686"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-151"
}
]
},
"id": "VAR-201704-0657",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09916"
},
{
"db": "VULHUB",
"id": "VHN-113889"
}
],
"trust": 1.35398737
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09916"
}
]
},
"last_update_date": "2023-12-18T12:37:29.121000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00073",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026languageid=en-fr"
},
{
"title": "IntelNUC Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/95624"
},
{
"title": "Intel NUC systems based on 6th Gen Intel Core BIOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=73789"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09916"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002980"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-151"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113889"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002980"
},
{
"db": "NVD",
"id": "CVE-2017-5686"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026languageid=en-fr"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5686"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5686"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/97408"
},
{
"trust": 0.3,
"url": "http://www.intel.com/content/www/us/en/homepage.html"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00073\u0026amp;languageid=en-fr"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-09916"
},
{
"db": "VULHUB",
"id": "VHN-113889"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002980"
},
{
"db": "NVD",
"id": "CVE-2017-5686"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-151"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-09916"
},
{
"db": "VULHUB",
"id": "VHN-113889"
},
{
"db": "BID",
"id": "97408"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002980"
},
{
"db": "NVD",
"id": "CVE-2017-5686"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-151"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-09916"
},
{
"date": "2017-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113889"
},
{
"date": "2017-04-03T00:00:00",
"db": "BID",
"id": "97408"
},
{
"date": "2017-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002980"
},
{
"date": "2017-04-03T21:59:00.250000",
"db": "NVD",
"id": "CVE-2017-5686"
},
{
"date": "2017-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-151"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-09916"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113889"
},
{
"date": "2017-04-11T00:03:00",
"db": "BID",
"id": "97408"
},
{
"date": "2017-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002980"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-5686"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-151"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "97408"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-151"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel NUC system\u0027s BIOS Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-151"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…