CVE Vulnerabilities

CVE-2017-5722

Improper Privilege Management

Published: Oct 11, 2017 | Modified: Oct 03, 2019
CVSS 3.x: 7.5 HIGH
Source: NVD
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS 2.x: 4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P

Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Nuc7i7bnh_firmware | Intel | ayaplcel.86a.0041 (including) | ayaplcel.86a.0041 (including) |
| Nuc7i7bnh_firmware | Intel | bnkbl357.86a.0052 (including) | bnkbl357.86a.0052 (including) |
| Nuc7i7bnh_firmware | Intel | ccsklm5v.86a.0052 (including) | ccsklm5v.86a.0052 (including) |
| Nuc7i7bnh_firmware | Intel | ccsklm30.86a.0052 (including) | ccsklm30.86a.0052 (including) |
| Nuc7i7bnh_firmware | Intel | dnkbli5v.86a.0026 (including) | dnkbli5v.86a.0026 (including) |
| Nuc7i7bnh_firmware | Intel | dnkbli30.86a.0026 (including) | dnkbli30.86a.0026 (including) |
| Nuc7i7bnh_firmware | Intel | kyskli70.86a.0050 (including) | kyskli70.86a.0050 (including) |
| Nuc7i7bnh_firmware | Intel | rybdwi35.86a.0366 (including) | rybdwi35.86a.0366 (including) |
| Nuc7i7bnh_firmware | Intel | syskli35.86a.0062 (including) | syskli35.86a.0062 (including) |
| Nuc7i7bnh_firmware | Intel | tybyt20h.86a.0015 (including) | tybyt20h.86a.0015 (including) |
