CVE-2017-5691

high-risk

Published 2017-07-26

Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state.

Do I need to act?

0.41% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.0/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Nuc7I3Bnk Bios

Nuc7I5Bnk Bios

Nuc6I7Kyk Bios

Nuc6I3Syk Bios

Nuc6I5Syk Bios

R1304Sposhor Bios

R1304Sposhorr Bios

Lr1304Spcfg1R Bios

S1200Spor Bios

S1200Spl Bios

R1304Sposhbn Bios

S1200Splr Bios

R1304Sposhbnr Bios

Nuc7I7Bnh Bios

Stk2Mv64Cc Bios

Stk2M3W64Cc Bios

R1208Sposhorr Bios

R1208Sposhor Bios

S1200Spsr Bios

Lr1304Spcfg1 Bios

Affected Vendors

Intel

References (6)

Third Party Advisory https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na...

Vendor Advisory https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00076&languagei...

https://support.lenovo.com/us/en/product_security/LEN-15184

Third Party Advisory https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na...

Vendor Advisory https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00076&languagei...

https://support.lenovo.com/us/en/product_security/LEN-15184

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 2/34 · Minimal

Exposure 20/34 · Moderate