CVE Vulnerabilities

CVE-2017-5700

Insufficiently Protected Credentials

Published: Oct 11, 2017 | Modified: Oct 03, 2019
CVSS 3.x
8.4
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name Vendor Start Version End Version
Nuc7i7bnh_firmware Intel ayaplcel.86a.0041 (including) ayaplcel.86a.0041 (including)
Nuc7i7bnh_firmware Intel bnkbl357.86a.0052 (including) bnkbl357.86a.0052 (including)
Nuc7i7bnh_firmware Intel ccsklm5v.86a.0052 (including) ccsklm5v.86a.0052 (including)
Nuc7i7bnh_firmware Intel ccsklm30.86a.0052 (including) ccsklm30.86a.0052 (including)
Nuc7i7bnh_firmware Intel dnkbli5v.86a.0026 (including) dnkbli5v.86a.0026 (including)
Nuc7i7bnh_firmware Intel dnkbli30.86a.0026 (including) dnkbli30.86a.0026 (including)
Nuc7i7bnh_firmware Intel kyskli70.86a.0050 (including) kyskli70.86a.0050 (including)
Nuc7i7bnh_firmware Intel rybdwi35.86a.0366 (including) rybdwi35.86a.0366 (including)
Nuc7i7bnh_firmware Intel syskli35.86a.0062 (including) syskli35.86a.0062 (including)
Nuc7i7bnh_firmware Intel tybyt20h.86a.0015 (including) tybyt20h.86a.0015 (including)

Potential Mitigations

References