Vulnerability Description
CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Compulab | Intense Pc Firmware | <= cr_2.2.0.400.2 |
| Compulab | Intense Pc | - |
| Compulab | Mintbox 2 Firmware | <= cr_2.2.0.400.2 |
| Compulab | Mintbox 2 | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2017/Jun/6Mailing ListThird Party Advisory
- https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-Third Party Advisory
- http://seclists.org/fulldisclosure/2017/Jun/6Mailing ListThird Party Advisory
- https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-Third Party Advisory
FAQ
What is CVE-2017-8083?
CVE-2017-8083 is a vulnerability with a CVSS score of 6.7 (MEDIUM). CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a f...
How severe is CVE-2017-8083?
CVE-2017-8083 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8083?
Check the references section above for vendor advisories and patch information. Affected products include: Compulab Intense Pc Firmware, Compulab Intense Pc, Compulab Mintbox 2 Firmware, Compulab Mintbox 2.