CVE-2017-8083 (GCVE-0-2017-8083)

Vulnerability from cvelistv5 – Published: 2017-06-06 14:00 – Updated: 2024-08-05 16:27

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

CNVD-2017-11309

Vulnerability from cnvd - Published: 2017-06-26

Title

CompuLab Intense PC和MintBox 2 BIOS权限漏洞

Description

CompuLab Intense PC和MintBox 2都是以色列CompuLab公司的迷你型PC设备。BIOS是一个ROM芯片上的应用程序。使用BIOS 2017-05-21之前的版本的CompuLab Intense PC和MintBox 2中存在BIOS权限漏洞，该漏洞源于程序未能对闪存区域使用CloseMnf保护机制来实施写入保护。本地攻击者可利用该漏洞安装固件rootkit，已知的操作系统漏洞利用远程执行升级（无需用户交互或通知）。

Severity

高

Patch Name

CompuLab Intense PC和MintBox 2 BIOS权限漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://compulab.com/

Reference

http://seclists.org/fulldisclosure/2017/Jun/6

Impacted products

Name
['CompuLab MintBox 2 <2017-05-21', 'CompuLab Intense PC <2017-05-21']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8083"
    }
  },
  "description": "CompuLab Intense PC\u548cMintBox 2\u90fd\u662f\u4ee5\u8272\u5217CompuLab\u516c\u53f8\u7684\u8ff7\u4f60\u578bPC\u8bbe\u5907\u3002BIOS\u662f\u4e00\u4e2aROM\u82af\u7247\u4e0a\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u4f7f\u7528BIOS 2017-05-21\u4e4b\u524d\u7684\u7248\u672c\u7684CompuLab Intense PC\u548cMintBox 2\u4e2d\u5b58\u5728BIOS\u6743\u9650\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u95ea\u5b58\u533a\u57df\u4f7f\u7528CloseMnf\u4fdd\u62a4\u673a\u5236\u6765\u5b9e\u65bd\u5199\u5165\u4fdd\u62a4\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b89\u88c5\u56fa\u4ef6rootkit\uff0c\u5df2\u77e5\u7684\u64cd\u4f5c\u7cfb\u7edf\u6f0f\u6d1e\u5229\u7528\u8fdc\u7a0b\u6267\u884c\u5347\u7ea7\uff08\u65e0\u9700\u7528\u6237\u4ea4\u4e92\u6216\u901a\u77e5\uff09\u3002",
  "discovererName": "Hal Martin",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://compulab.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-11309",
  "openTime": "2017-06-26",
  "patchDescription": "CompuLab Intense PC\u548cMintBox 2\u90fd\u662f\u4ee5\u8272\u5217CompuLab\u516c\u53f8\u7684\u8ff7\u4f60\u578bPC\u8bbe\u5907\u3002BIOS\u662f\u4e00\u4e2aROM\u82af\u7247\u4e0a\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u4f7f\u7528BIOS 2017-05-21\u4e4b\u524d\u7684\u7248\u672c\u7684CompuLab Intense PC\u548cMintBox 2\u4e2d\u5b58\u5728BIOS\u6743\u9650\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9\u95ea\u5b58\u533a\u57df\u4f7f\u7528CloseMnf\u4fdd\u62a4\u673a\u5236\u6765\u5b9e\u65bd\u5199\u5165\u4fdd\u62a4\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b89\u88c5\u56fa\u4ef6rootkit\uff0c\u5df2\u77e5\u7684\u64cd\u4f5c\u7cfb\u7edf\u6f0f\u6d1e\u5229\u7528\u8fdc\u7a0b\u6267\u884c\u5347\u7ea7\uff08\u65e0\u9700\u7528\u6237\u4ea4\u4e92\u6216\u901a\u77e5\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "CompuLab Intense PC\u548cMintBox 2 BIOS\u6743\u9650\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "CompuLab MintBox 2 \u003c2017-05-21",
      "CompuLab Intense PC \u003c2017-05-21"
    ]
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2017/Jun/6",
  "serverity": "\u9ad8",
  "submitTime": "2017-06-07",
  "title": "CompuLab Intense PC\u548cMintBox 2 BIOS\u6743\u9650\u6f0f\u6d1e"
}

GHSA-GMJ8-3PWF-6MRG

Vulnerability from github – Published: 2022-05-13 01:47 – Updated: 2025-04-20 03:38

Details

Severity ?

6.7 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-8083"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-06T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges.",
  "id": "GHSA-gmj8-3pwf-6mrg",
  "modified": "2025-04-20T03:38:30Z",
  "published": "2022-05-13T01:47:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8083"
    },
    {
      "type": "WEB",
      "url": "https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Jun/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-8083

Vulnerability from fkie_nvd - Published: 2017-06-06 14:29 - Updated: 2025-04-20 01:37

Severity ?

6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://seclists.org/fulldisclosure/2017/Jun/6	Mailing List, Third Party Advisory
cve@mitre.org	https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2017/Jun/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/	Third Party Advisory

Impacted products

Vendor	Product	Version
compulab	intense_pc_firmware	*
compulab	intense_pc	-
compulab	mintbox_2_firmware	*
compulab	mintbox_2	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:compulab:intense_pc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D42B7384-0A9E-40C6-B8DA-2C537F90F951",
              "versionEndIncluding": "cr_2.2.0.400.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:compulab:intense_pc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F825C891-97AC-4AF2-9F48-F50BF7CF067D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:compulab:mintbox_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F7F6E4-DBE4-4B30-ABC3-63200D543ACC",
              "versionEndIncluding": "cr_2.2.0.400.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:compulab:mintbox_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0CBAE7-741E-4C27-848D-131AEA92EB1B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges."
    },
    {
      "lang": "es",
      "value": "Los dispositivos CompuLab Intense PC y MintBox 2 con BIOS antes del 21-05-2017 no usan el mecanismo de protecci\u00f3n CloseMnf para la protecci\u00f3n contra escritura de regiones de memoria flash, lo que permite a los usuarios locales instalar un rootkit de firmware aprovechando los privilegios administrativos."
    }
  ],
  "id": "CVE-2017-8083",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-06T14:29:01.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Jun/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Jun/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-8083

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-8083

Aliases

CVE-2017-8083

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-8083",
    "description": "CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges.",
    "id": "GSD-2017-8083"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-8083"
      ],
      "details": "CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges.",
      "id": "GSD-2017-8083",
      "modified": "2023-12-13T01:21:08.258210Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-8083",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/",
            "refsource": "MISC",
            "url": "https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2017/Jun/6",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2017/Jun/6"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:compulab:intense_pc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "cr_2.2.0.400.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:compulab:intense_pc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:compulab:mintbox_2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "cr_2.2.0.400.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:compulab:mintbox_2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8083"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2017/Jun/6",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Jun/6"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-06-06T14:29Z"
    }
  }
}

VAR-201706-0589

Vulnerability from variot - Updated: 2025-04-20 23:35

CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges. CompuLabIntensePC and MintBox2 are mini PC devices from CompuLab, Israel. The BIOS is an application on a ROM chip. A BIOS permission vulnerability exists in CompuLabIntensePC and MintBox2 versions prior to BIOS2017-05-21. The vulnerability stems from the program failing to implement write protection using the CloseMnf protection mechanism for the flash region. Credits: Hal Martin Website: watchmysys.com Source: https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/

Vendor:

CompuLab (compulab.com)

Product:

Intense PC / MintBox 2

Vulnerability type:

Write-protection not enabled on system firmware

CVE Reference:

CVE-2017-8083

Summary:

Since 2013 CompuLab manufactures and sells the IntensePC/MintBox 2, which is a small Intel-based fanless PC sold to end-users and industrial customers. It was discovered that in the default configuration write-protection is not enabled for the BIOS/ME/GbE regions of flash.

CompuLab have created a patch to resolve the issue, however they have not yet released the patch publicly. This vulnerability is being published as the 90 day disclosure deadline has been reached.

Affected versions:

All firmware versions since product release (latest public firmware is 21 June 2016)

Attack Vector:

An attacker tricks the user into running a malicious executable with local administrator privileges, which updates the system firmware to include the attacker's code.

Proof of concept:

I have created a modified firmware update which replaces the stock UEFI shell with the UEFI shell from EDK2. The update can be flashed from within Windows without any user interaction or notification. Firmware updates are not signed by CompuLab or verified by the existing firmware before upgrade.

The modified update can be downloaded here: https://watchmysys.com/blog/wp-content/uploads/2017/06/update-IPC-20160621-edk2.zip

Details of the full proof of concept can be found at the Source link above.

Disclosure timeline:

1 March 2017: Vulnerability is reported to CompuLab via their support email address 2 March 2017: CompuLab replies they will create a beta BIOS to address the vulnerability 6 March 2017: I request a timeline to fix the issue 7 March 2017: CompuLab replies they will create a beta BIOS for testing and they awill provide an official public release in the futurea 8 March 2017: CompuLab replies with instructions to run closemnf via the Intel FPT tool 8 March 2017: I inform CompuLab I am waiting for the official BIOS update to resolve the issue 8 March 2017: CompuLab replies with copy of Intel FPT tool and requests anot to publish or disclose this informationa 8 March 2017: CompuLab is informed that details of the vulnerability will be published on 4 June 2017 23 April 2017: Issue is reported to MITRE 24 April 2017: Vulnerability is assigned CVE-2017-8083 3 May 2017: CompuLab communicates that they will delay fixing this vulnerability until Intel provides an updated ME firmware to address CVE-2017-5689 4 May 2017: I inform CompuLab that details of this vulnerability will be published on 4 June 2017 as previously discussed 11 May 2017: CompuLab sends a proposed fix for testing, the update script fails due to invalid command syntax for flashrom 14 May 2017: I inform CompuLab of the invalid syntax and provide the correct usage, and confirm that the fix enables write-protection on the ME/BIOS/GbE regions of flash 15 May 2017: CompuLab replies with a revised update script 15 May 2017: I inform CompuLab that the syntax of the revised script is correct, however my unit has already been updated so I cannot re-test 4 June 2017: Details of the vulnerability are published

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0589",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "intense pc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "compulab",
        "version": "cr_2.2.0.400.2"
      },
      {
        "model": "mintbox 2",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "compulab",
        "version": "cr_2.2.0.400.2"
      },
      {
        "model": "intense pc",
        "scope": null,
        "trust": 0.8,
        "vendor": "compulab",
        "version": null
      },
      {
        "model": "mintbox 2",
        "scope": null,
        "trust": 0.8,
        "vendor": "compulab",
        "version": null
      },
      {
        "model": "mintbox",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "compulab",
        "version": "2\u003c2017-05-21"
      },
      {
        "model": "intense pc",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "compulab",
        "version": "2017-05-21"
      },
      {
        "model": "mintbox 2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "compulab",
        "version": "cr_2.2.0.400.2"
      },
      {
        "model": "intense pc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "compulab",
        "version": "cr_2.2.0.400.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004688"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1168"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8083"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:compulab:intense_pc_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:compulab:mintbox_2_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004688"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hal Martin",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "142815"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2017-8083",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-8083",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-11309",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-116286",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "id": "CVE-2017-8083",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-8083",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-8083",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-11309",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-1168",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-116286",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11309"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004688"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1168"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8083"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges. CompuLabIntensePC and MintBox2 are mini PC devices from CompuLab, Israel. The BIOS is an application on a ROM chip. A BIOS permission vulnerability exists in CompuLabIntensePC and MintBox2 versions prior to BIOS2017-05-21. The vulnerability stems from the program failing to implement write protection using the CloseMnf protection mechanism for the flash region. Credits: Hal Martin\nWebsite: watchmysys.com\nSource: https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/\n\n\nVendor:\n====================\nCompuLab (compulab.com)\n\n\nProduct:\n====================\nIntense PC / MintBox 2\n\n\nVulnerability type:\n====================\nWrite-protection not enabled on system firmware\n\n\nCVE Reference:\n====================\nCVE-2017-8083\n\n\nSummary:\n====================\nSince 2013 CompuLab manufactures and sells the IntensePC/MintBox 2, which is a small Intel-based fanless PC sold to end-users and industrial customers. It was discovered that in the default configuration write-protection is not enabled for the BIOS/ME/GbE regions of flash. \n\nCompuLab have created a patch to resolve the issue, however they have not yet released the patch publicly. This vulnerability is being published as the 90 day disclosure deadline has been reached. \n\n\nAffected versions:\n====================\nAll firmware versions since product release (latest public firmware is 21 June 2016)\n\n\nAttack Vector:\n====================\nAn attacker tricks the user into running a malicious executable with local administrator privileges, which updates the system firmware to include the attacker\u0027s code. \n\n\nProof of concept:\n====================\nI have created a modified firmware update which replaces the stock UEFI shell with the UEFI shell from EDK2. The update can be flashed from within Windows without any user interaction or notification. Firmware updates are not signed by CompuLab or verified by the existing firmware before upgrade. \n\nThe modified update can be downloaded here: https://watchmysys.com/blog/wp-content/uploads/2017/06/update-IPC-20160621-edk2.zip\n\nDetails of the full proof of concept can be found at the Source link above. \n\n\nDisclosure timeline:\n====================\n1 March 2017: Vulnerability is reported to CompuLab via their support email address\n2 March 2017: CompuLab replies they will create a beta BIOS to address the vulnerability\n6 March 2017: I request a timeline to fix the issue\n7 March 2017: CompuLab replies they will create a beta BIOS for testing and they awill provide an official public release in the futurea\n8 March 2017: CompuLab replies with instructions to run closemnf via the Intel FPT tool\n8 March 2017: I inform CompuLab I am waiting for the official BIOS update to resolve the issue\n8 March 2017: CompuLab replies with copy of Intel FPT tool and requests anot to publish or disclose this informationa\n8 March 2017: CompuLab is informed that details of the vulnerability will be published on 4 June 2017\n23 April 2017: Issue is reported to MITRE\n24 April 2017: Vulnerability is assigned CVE-2017-8083\n3 May 2017: CompuLab communicates that they will delay fixing this vulnerability until Intel provides an updated ME firmware to address CVE-2017-5689\n4 May 2017: I inform CompuLab that details of this vulnerability will be published on 4 June 2017 as previously discussed\n11 May 2017: CompuLab sends a proposed fix for testing, the update script fails due to invalid command syntax for flashrom\n14 May 2017: I inform CompuLab of the invalid syntax and provide the correct usage, and confirm that the fix enables write-protection on the ME/BIOS/GbE regions of flash\n15 May 2017: CompuLab replies with a revised update script\n15 May 2017: I inform CompuLab that the syntax of the revised script is correct, however my unit has already been updated so I cannot re-test\n4 June 2017: Details of the vulnerability are published",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-8083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004688"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-11309"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116286"
      },
      {
        "db": "PACKETSTORM",
        "id": "142815"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-116286",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-116286"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-8083",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004688",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1168",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-11309",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "142815",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-116286",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11309"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004688"
      },
      {
        "db": "PACKETSTORM",
        "id": "142815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1168"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8083"
      }
    ]
  },
  "id": "VAR-201706-0589",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11309"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116286"
      }
    ],
    "trust": 1.2982143
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11309"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:35:49.547000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.compulab.com/"
      },
      {
        "title": "Patch for CompuLabIntensePC and MintBox2BIOS Permission Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/96412"
      },
      {
        "title": "CompuLab Intense PC  and MintBox 2 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99757"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11309"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004688"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1168"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-862",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-254",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-116286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004688"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8083"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/"
      },
      {
        "trust": 2.3,
        "url": "http://seclists.org/fulldisclosure/2017/jun/6"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8083"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8083"
      },
      {
        "trust": 0.1,
        "url": "https://watchmysys.com/blog/wp-content/uploads/2017/06/update-ipc-20160621-edk2.zip"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11309"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004688"
      },
      {
        "db": "PACKETSTORM",
        "id": "142815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1168"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8083"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-11309"
      },
      {
        "db": "VULHUB",
        "id": "VHN-116286"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004688"
      },
      {
        "db": "PACKETSTORM",
        "id": "142815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1168"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-8083"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-11309"
      },
      {
        "date": "2017-06-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-116286"
      },
      {
        "date": "2017-07-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004688"
      },
      {
        "date": "2017-06-05T03:01:11",
        "db": "PACKETSTORM",
        "id": "142815"
      },
      {
        "date": "2017-04-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1168"
      },
      {
        "date": "2017-06-06T14:29:01",
        "db": "NVD",
        "id": "CVE-2017-8083"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-11309"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-116286"
      },
      {
        "date": "2017-07-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004688"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1168"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-8083"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1168"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BIOS 2017-05-21 Less than  CompuLab Intense PC and  MintBox 2 Vulnerability to install firmware rootkit on devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004688"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1168"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-8083 (GCVE-0-2017-8083)

CNVD-2017-11309

GHSA-GMJ8-3PWF-6MRG

FKIE_CVE-2017-8083

GSD-2017-8083

VAR-201706-0589

Vendor:

Product:

Vulnerability type:

CVE Reference:

Summary:

Affected versions:

Attack Vector:

Proof of concept:

Disclosure timeline:

Tags

Sightings

Nomenclature