Intel: Security Vulnerabilities
Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle.
CVSS Score
7.4
EPSS Score
0.007
Published
2017-11-21
Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure.
CVSS Score
9.1
EPSS Score
0.005
Published
2017-11-16
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.
CVSS Score
8.4
EPSS Score
0.001
Published
2017-10-11
Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery.
CVSS Score
7.1
EPSS Score
0.001
Published
2017-10-11
Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory.
CVSS Score
7.5
EPSS Score
0.04
Published
2017-10-11
Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.
CVSS Score
7.5
EPSS Score
0.0
Published
2017-10-11
Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges.
CVSS Score
4.4
EPSS Score
0.001
Published
2017-09-05
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
CVSS Score
9.8
EPSS Score
0.038
Published
2017-08-29
CVE-2015-2291
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.
Known exploited
CVSS Score
7.8
EPSS Score
0.056
Published
2017-08-09
Data corruption vulnerability in firmware in Intel Solid-State Drive Professional PSF104P, PSF109P allows local users to cause a denial of service via unspecified vectors.
CVSS Score
4.6
EPSS Score
0.0
Published
2017-08-09