VAR-201706-0589
Vulnerability from variot - Updated: 2025-04-20 23:35CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges. CompuLabIntensePC and MintBox2 are mini PC devices from CompuLab, Israel. The BIOS is an application on a ROM chip. A BIOS permission vulnerability exists in CompuLabIntensePC and MintBox2 versions prior to BIOS2017-05-21. The vulnerability stems from the program failing to implement write protection using the CloseMnf protection mechanism for the flash region. Credits: Hal Martin Website: watchmysys.com Source: https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/
Vendor:
CompuLab (compulab.com)
Product:
Intense PC / MintBox 2
Vulnerability type:
Write-protection not enabled on system firmware
CVE Reference:
CVE-2017-8083
Summary:
Since 2013 CompuLab manufactures and sells the IntensePC/MintBox 2, which is a small Intel-based fanless PC sold to end-users and industrial customers. It was discovered that in the default configuration write-protection is not enabled for the BIOS/ME/GbE regions of flash.
CompuLab have created a patch to resolve the issue, however they have not yet released the patch publicly. This vulnerability is being published as the 90 day disclosure deadline has been reached.
Affected versions:
All firmware versions since product release (latest public firmware is 21 June 2016)
Attack Vector:
An attacker tricks the user into running a malicious executable with local administrator privileges, which updates the system firmware to include the attacker's code.
Proof of concept:
I have created a modified firmware update which replaces the stock UEFI shell with the UEFI shell from EDK2. The update can be flashed from within Windows without any user interaction or notification. Firmware updates are not signed by CompuLab or verified by the existing firmware before upgrade.
The modified update can be downloaded here: https://watchmysys.com/blog/wp-content/uploads/2017/06/update-IPC-20160621-edk2.zip
Details of the full proof of concept can be found at the Source link above.
Disclosure timeline:
1 March 2017: Vulnerability is reported to CompuLab via their support email address 2 March 2017: CompuLab replies they will create a beta BIOS to address the vulnerability 6 March 2017: I request a timeline to fix the issue 7 March 2017: CompuLab replies they will create a beta BIOS for testing and they awill provide an official public release in the futurea 8 March 2017: CompuLab replies with instructions to run closemnf via the Intel FPT tool 8 March 2017: I inform CompuLab I am waiting for the official BIOS update to resolve the issue 8 March 2017: CompuLab replies with copy of Intel FPT tool and requests anot to publish or disclose this informationa 8 March 2017: CompuLab is informed that details of the vulnerability will be published on 4 June 2017 23 April 2017: Issue is reported to MITRE 24 April 2017: Vulnerability is assigned CVE-2017-8083 3 May 2017: CompuLab communicates that they will delay fixing this vulnerability until Intel provides an updated ME firmware to address CVE-2017-5689 4 May 2017: I inform CompuLab that details of this vulnerability will be published on 4 June 2017 as previously discussed 11 May 2017: CompuLab sends a proposed fix for testing, the update script fails due to invalid command syntax for flashrom 14 May 2017: I inform CompuLab of the invalid syntax and provide the correct usage, and confirm that the fix enables write-protection on the ME/BIOS/GbE regions of flash 15 May 2017: CompuLab replies with a revised update script 15 May 2017: I inform CompuLab that the syntax of the revised script is correct, however my unit has already been updated so I cannot re-test 4 June 2017: Details of the vulnerability are published
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0589",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intense pc",
"scope": "lte",
"trust": 1.0,
"vendor": "compulab",
"version": "cr_2.2.0.400.2"
},
{
"model": "mintbox 2",
"scope": "lte",
"trust": 1.0,
"vendor": "compulab",
"version": "cr_2.2.0.400.2"
},
{
"model": "intense pc",
"scope": null,
"trust": 0.8,
"vendor": "compulab",
"version": null
},
{
"model": "mintbox 2",
"scope": null,
"trust": 0.8,
"vendor": "compulab",
"version": null
},
{
"model": "mintbox",
"scope": "eq",
"trust": 0.6,
"vendor": "compulab",
"version": "2\u003c2017-05-21"
},
{
"model": "intense pc",
"scope": "lt",
"trust": 0.6,
"vendor": "compulab",
"version": "2017-05-21"
},
{
"model": "mintbox 2",
"scope": "eq",
"trust": 0.6,
"vendor": "compulab",
"version": "cr_2.2.0.400.2"
},
{
"model": "intense pc",
"scope": "eq",
"trust": 0.6,
"vendor": "compulab",
"version": "cr_2.2.0.400.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11309"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004688"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1168"
},
{
"db": "NVD",
"id": "CVE-2017-8083"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:compulab:intense_pc_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:compulab:mintbox_2_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004688"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hal Martin",
"sources": [
{
"db": "PACKETSTORM",
"id": "142815"
}
],
"trust": 0.1
},
"cve": "CVE-2017-8083",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-8083",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-11309",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-116286",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2017-8083",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8083",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-8083",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-11309",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1168",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-116286",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11309"
},
{
"db": "VULHUB",
"id": "VHN-116286"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004688"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1168"
},
{
"db": "NVD",
"id": "CVE-2017-8083"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges. CompuLabIntensePC and MintBox2 are mini PC devices from CompuLab, Israel. The BIOS is an application on a ROM chip. A BIOS permission vulnerability exists in CompuLabIntensePC and MintBox2 versions prior to BIOS2017-05-21. The vulnerability stems from the program failing to implement write protection using the CloseMnf protection mechanism for the flash region. Credits: Hal Martin\nWebsite: watchmysys.com\nSource: https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/\n\n\nVendor:\n====================\nCompuLab (compulab.com)\n\n\nProduct:\n====================\nIntense PC / MintBox 2\n\n\nVulnerability type:\n====================\nWrite-protection not enabled on system firmware\n\n\nCVE Reference:\n====================\nCVE-2017-8083\n\n\nSummary:\n====================\nSince 2013 CompuLab manufactures and sells the IntensePC/MintBox 2, which is a small Intel-based fanless PC sold to end-users and industrial customers. It was discovered that in the default configuration write-protection is not enabled for the BIOS/ME/GbE regions of flash. \n\nCompuLab have created a patch to resolve the issue, however they have not yet released the patch publicly. This vulnerability is being published as the 90 day disclosure deadline has been reached. \n\n\nAffected versions:\n====================\nAll firmware versions since product release (latest public firmware is 21 June 2016)\n\n\nAttack Vector:\n====================\nAn attacker tricks the user into running a malicious executable with local administrator privileges, which updates the system firmware to include the attacker\u0027s code. \n\n\nProof of concept:\n====================\nI have created a modified firmware update which replaces the stock UEFI shell with the UEFI shell from EDK2. The update can be flashed from within Windows without any user interaction or notification. Firmware updates are not signed by CompuLab or verified by the existing firmware before upgrade. \n\nThe modified update can be downloaded here: https://watchmysys.com/blog/wp-content/uploads/2017/06/update-IPC-20160621-edk2.zip\n\nDetails of the full proof of concept can be found at the Source link above. \n\n\nDisclosure timeline:\n====================\n1 March 2017: Vulnerability is reported to CompuLab via their support email address\n2 March 2017: CompuLab replies they will create a beta BIOS to address the vulnerability\n6 March 2017: I request a timeline to fix the issue\n7 March 2017: CompuLab replies they will create a beta BIOS for testing and they awill provide an official public release in the futurea\n8 March 2017: CompuLab replies with instructions to run closemnf via the Intel FPT tool\n8 March 2017: I inform CompuLab I am waiting for the official BIOS update to resolve the issue\n8 March 2017: CompuLab replies with copy of Intel FPT tool and requests anot to publish or disclose this informationa\n8 March 2017: CompuLab is informed that details of the vulnerability will be published on 4 June 2017\n23 April 2017: Issue is reported to MITRE\n24 April 2017: Vulnerability is assigned CVE-2017-8083\n3 May 2017: CompuLab communicates that they will delay fixing this vulnerability until Intel provides an updated ME firmware to address CVE-2017-5689\n4 May 2017: I inform CompuLab that details of this vulnerability will be published on 4 June 2017 as previously discussed\n11 May 2017: CompuLab sends a proposed fix for testing, the update script fails due to invalid command syntax for flashrom\n14 May 2017: I inform CompuLab of the invalid syntax and provide the correct usage, and confirm that the fix enables write-protection on the ME/BIOS/GbE regions of flash\n15 May 2017: CompuLab replies with a revised update script\n15 May 2017: I inform CompuLab that the syntax of the revised script is correct, however my unit has already been updated so I cannot re-test\n4 June 2017: Details of the vulnerability are published",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8083"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004688"
},
{
"db": "CNVD",
"id": "CNVD-2017-11309"
},
{
"db": "VULHUB",
"id": "VHN-116286"
},
{
"db": "PACKETSTORM",
"id": "142815"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-116286",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116286"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8083",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004688",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1168",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-11309",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "142815",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-116286",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11309"
},
{
"db": "VULHUB",
"id": "VHN-116286"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004688"
},
{
"db": "PACKETSTORM",
"id": "142815"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1168"
},
{
"db": "NVD",
"id": "CVE-2017-8083"
}
]
},
"id": "VAR-201706-0589",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11309"
},
{
"db": "VULHUB",
"id": "VHN-116286"
}
],
"trust": 1.2982143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11309"
}
]
},
"last_update_date": "2025-04-20T23:35:49.547000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.compulab.com/"
},
{
"title": "Patch for CompuLabIntensePC and MintBox2BIOS Permission Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/96412"
},
{
"title": "CompuLab Intense PC and MintBox 2 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99757"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11309"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004688"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1168"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116286"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004688"
},
{
"db": "NVD",
"id": "CVE-2017-8083"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/"
},
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2017/jun/6"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8083"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8083"
},
{
"trust": 0.1,
"url": "https://watchmysys.com/blog/wp-content/uploads/2017/06/update-ipc-20160621-edk2.zip"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-11309"
},
{
"db": "VULHUB",
"id": "VHN-116286"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004688"
},
{
"db": "PACKETSTORM",
"id": "142815"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1168"
},
{
"db": "NVD",
"id": "CVE-2017-8083"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-11309"
},
{
"db": "VULHUB",
"id": "VHN-116286"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004688"
},
{
"db": "PACKETSTORM",
"id": "142815"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1168"
},
{
"db": "NVD",
"id": "CVE-2017-8083"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-11309"
},
{
"date": "2017-06-06T00:00:00",
"db": "VULHUB",
"id": "VHN-116286"
},
{
"date": "2017-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004688"
},
{
"date": "2017-06-05T03:01:11",
"db": "PACKETSTORM",
"id": "142815"
},
{
"date": "2017-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1168"
},
{
"date": "2017-06-06T14:29:01",
"db": "NVD",
"id": "CVE-2017-8083"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-11309"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-116286"
},
{
"date": "2017-07-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004688"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1168"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-8083"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1168"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BIOS 2017-05-21 Less than CompuLab Intense PC and MintBox 2 Vulnerability to install firmware rootkit on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004688"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1168"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…