← Back

CVE-2017-5722

nvd nist
Published: Oct 11, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 6.0
Source: NVD

Description

Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.

Affected (50)

Intel
5 products
Nuc7i7bnh Firmware
Nuc7i5bnh Firmware
Nuc7i5bnk Firmware
Nuc7i3bnh Firmware
Nuc7i3bnk Firmware
Configuration A
10 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Intel
Nuc7i7bnh Firmware
Version ayaplcel.86a.0041
Nuc7i7bnh Firmware
Version bnkbl357.86a.0052
Nuc7i7bnh Firmware
Version ccsklm30.86a.0052
Nuc7i7bnh Firmware
Version ccsklm5v.86a.0052
Nuc7i7bnh Firmware
Version dnkbli30.86a.0026
Nuc7i7bnh Firmware
Version dnkbli5v.86a.0026
Nuc7i7bnh Firmware
Version kyskli70.86a.0050
Nuc7i7bnh Firmware
Version rybdwi35.86a.0366
Nuc7i7bnh Firmware
Version syskli35.86a.0062
Nuc7i7bnh Firmware
Version tybyt20h.86a.0015
Running on/withPlatform Versions
Intel
Nuc7i7bnh
All versions
Configuration B
10 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Intel
Nuc7i5bnh Firmware
Version ayaplcel.86a.0041
Nuc7i5bnh Firmware
Version bnkbl357.86a.0052
Nuc7i5bnh Firmware
Version ccsklm30.86a.0052
Nuc7i5bnh Firmware
Version ccsklm5v.86a.0052
Nuc7i5bnh Firmware
Version dnkbli30.86a.0026
Nuc7i5bnh Firmware
Version dnkbli5v.86a.0026
Nuc7i5bnh Firmware
Version kyskli70.86a.0050
Nuc7i5bnh Firmware
Version rybdwi35.86a.0366
Nuc7i5bnh Firmware
Version syskli35.86a.0062
Nuc7i5bnh Firmware
Version tybyt20h.86a.0015
Running on/withPlatform Versions
Intel
Nuc7i5bnh
All versions
Configuration C
10 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Intel
Nuc7i5bnk Firmware
Version ayaplcel.86a.0041
Nuc7i5bnk Firmware
Version bnkbl357.86a.0052
Nuc7i5bnk Firmware
Version ccsklm30.86a.0052
Nuc7i5bnk Firmware
Version ccsklm5v.86a.0052
Nuc7i5bnk Firmware
Version dnkbli30.86a.0026
Nuc7i5bnk Firmware
Version dnkbli5v.86a.0026
Nuc7i5bnk Firmware
Version kyskli70.86a.0050
Nuc7i5bnk Firmware
Version rybdwi35.86a.0366
Nuc7i5bnk Firmware
Version syskli35.86a.0062
Nuc7i5bnk Firmware
Version tybyt20h.86a.0015
Running on/withPlatform Versions
Intel
Nuc7i5bnk
All versions
Configuration D
10 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Intel
Nuc7i3bnh Firmware
Version ayaplcel.86a.0041
Nuc7i3bnh Firmware
Version bnkbl357.86a.0052
Nuc7i3bnh Firmware
Version ccsklm30.86a.0052
Nuc7i3bnh Firmware
Version ccsklm5v.86a.0052
Nuc7i3bnh Firmware
Version dnkbli30.86a.0026
Nuc7i3bnh Firmware
Version dnkbli5v.86a.0026
Nuc7i3bnh Firmware
Version kyskli70.86a.0050
Nuc7i3bnh Firmware
Version rybdwi35.86a.0366
Nuc7i3bnh Firmware
Version syskli35.86a.0062
Nuc7i3bnh Firmware
Version tybyt20h.86a.0015
Running on/withPlatform Versions
Intel
Nuc7i3bnh
All versions
Configuration E
10 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Intel
Nuc7i3bnk Firmware
Version ayaplcel.86a.0041
Nuc7i3bnk Firmware
Version bnkbl357.86a.0052
Nuc7i3bnk Firmware
Version ccsklm30.86a.0052
Nuc7i3bnk Firmware
Version ccsklm5v.86a.0052
Nuc7i3bnk Firmware
Version dnkbli30.86a.0026
Nuc7i3bnk Firmware
Version dnkbli5v.86a.0026
Nuc7i3bnk Firmware
Version kyskli70.86a.0050
Nuc7i3bnk Firmware
Version rybdwi35.86a.0366
Nuc7i3bnk Firmware
Version syskli35.86a.0062
Nuc7i3bnk Firmware
Version tybyt20h.86a.0015
Running on/withPlatform Versions
Intel
Nuc7i3bnk
All versions

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

Source: secure@intel.com
Third Party AdvisoryVDB Entry
Source: secure@intel.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.