Vulnerability Details CVE-2017-9457
Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.7%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 7.2
References
- http://packetstormsecurity.com/files/143481/Compulab-Intense-PC-MintBox-2-Signature-Verification.html
- http://seclists.org/fulldisclosure/2017/Jul/56
- https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/
- http://packetstormsecurity.com/files/143481/Compulab-Intense-PC-MintBox-2-Signature-Verification.html
- http://seclists.org/fulldisclosure/2017/Jul/56
- https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/
Products affected by CVE-2017-9457
-
cpe:2.3:h:compulab:intense_pc:-
-
cpe:2.3:o:compulab:intense_pc_firmware:cr_2.2.0.400.2