CVE-2017-5700

Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name	Vendor	Start Version	End Version
Nuc7i7bnh_firmware	Intel	ayaplcel.86a.0041 (including)	ayaplcel.86a.0041 (including)
Nuc7i7bnh_firmware	Intel	bnkbl357.86a.0052 (including)	bnkbl357.86a.0052 (including)
Nuc7i7bnh_firmware	Intel	ccsklm5v.86a.0052 (including)	ccsklm5v.86a.0052 (including)
Nuc7i7bnh_firmware	Intel	ccsklm30.86a.0052 (including)	ccsklm30.86a.0052 (including)
Nuc7i7bnh_firmware	Intel	dnkbli5v.86a.0026 (including)	dnkbli5v.86a.0026 (including)
Nuc7i7bnh_firmware	Intel	dnkbli30.86a.0026 (including)	dnkbli30.86a.0026 (including)
Nuc7i7bnh_firmware	Intel	kyskli70.86a.0050 (including)	kyskli70.86a.0050 (including)
Nuc7i7bnh_firmware	Intel	rybdwi35.86a.0366 (including)	rybdwi35.86a.0366 (including)
Nuc7i7bnh_firmware	Intel	syskli35.86a.0062 (including)	syskli35.86a.0062 (including)
Nuc7i7bnh_firmware	Intel	tybyt20h.86a.0015 (including)	tybyt20h.86a.0015 (including)

Potential Mitigations

References

http://www.securityfocus.com/bid/101241
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084\u0026languageid=en-fr

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-5700
CWE	https://cwe.mitre.org/data/definitions/522.html

Insufficiently Protected Credentials

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References