Vulnerability Description
Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Compulab | Intense Pc Firmware | <= cr_2.2.0.400.2 |
| Compulab | Intense Pc | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/143481/Compulab-Intense-PC-MintBox-2-SignatThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2017/Jul/56Mailing ListThird Party Advisory
- https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmThird Party Advisory
- http://packetstormsecurity.com/files/143481/Compulab-Intense-PC-MintBox-2-SignatThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2017/Jul/56Mailing ListThird Party Advisory
- https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmThird Party Advisory
FAQ
What is CVE-2017-9457?
CVE-2017-9457 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrato...
How severe is CVE-2017-9457?
CVE-2017-9457 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9457?
Check the references section above for vendor advisories and patch information. Affected products include: Compulab Intense Pc Firmware, Compulab Intense Pc.