CVE-2017-5707

moderate-risk
Published 2017-11-21

Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.

Do I need to act?

-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Intel

References (14)

Third Party Advisory http://www.securityfocus.com/bid/101919
https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
Issue Tracking https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languagei...
Issue Tracking https://security.netapp.com/advisory/ntap-20171120-0001/
https://twitter.com/PTsecurity_UK/status/938447926128291842
https://www.asus.com/News/wzeltG5CjYaIwGJ0
https://www.synology.com/support/security/Synology_SA_17_73
Third Party Advisory http://www.securityfocus.com/bid/101919
https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
Issue Tracking https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languagei...
Issue Tracking https://security.netapp.com/advisory/ntap-20171120-0001/
https://twitter.com/PTsecurity_UK/status/938447926128291842
https://www.asus.com/News/wzeltG5CjYaIwGJ0
https://www.synology.com/support/security/Synology_SA_17_73
30
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal