CVE-2017-5721

high-risk

Published 2017-10-11

Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory.

Do I need to act?

~

4.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

LOCAL / HIGH complexity

Affected Products (20)

Nuc7I7Bnh Firmware

Nuc7I7Bnh Firmware

Nuc7I5Bnh Firmware

Nuc7I5Bnh Firmware

Nuc7I5Bnh Firmware

Nuc7I5Bnh Firmware

Nuc7I5Bnh Firmware

Nuc7I5Bnh Firmware

Nuc7I5Bnk Firmware

Nuc7I5Bnk Firmware

Nuc7I5Bnk Firmware

Nuc7I5Bnk Firmware

Nuc7I5Bnk Firmware

Nuc7I5Bnk Firmware

Nuc7I5Bnk Firmware

Nuc7I3Bnh Firmware

Nuc7I3Bnh Firmware

Nuc7I3Bnh Firmware

Nuc7I3Bnh Firmware

Nuc7I3Bnh Firmware

Affected Vendors

Intel

References (2)

Patch https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languagei...

Patch https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languagei...

53

/ 100

high-risk

Severity 20/34 · Moderate

Exploitability 7/34 · Low

Exposure 26/34 · High