Strix
26.1K

CVE-2017-5691

UnknownEPSS 1.44%

Last modified

CVE-2017-5691 is a vulnerability of currently unknown severity. Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state.. EPSS estimates a 1.44% chance of exploitation in the next 30 days.

Description

Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state.

Metrics

EPSS Probability
1.44%

69.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
IntelNuc7i3bnk BiosAll versions
IntelNuc7i5bnk BiosAll versions
IntelNuc7i7bnh BiosAll versions
IntelStk2mv64cc BiosAll versions
IntelStk2m3w64cc BiosAll versions
IntelNuc6i7kyk BiosAll versions
IntelNuc6i3syk BiosAll versions
IntelNuc6i5syk BiosAll versions
IntelR1304sposhor BiosAll versions
IntelR1304sposhorr BiosAll versions
IntelR1208sposhorr BiosAll versions
IntelLr1304spcfg1r BiosAll versions
IntelR1208sposhor BiosAll versions
IntelS1200spsr BiosAll versions
IntelS1200spor BiosAll versions
IntelLr1304spcfg1 BiosAll versions
IntelS1200spl BiosAll versions
IntelS1200spo BiosAll versions
IntelS1200sps BiosAll versions
IntelR1304sposhbn BiosAll versions
IntelS1200splr BiosAll versions
IntelR1304sposhbnr BiosAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-5691?
Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state.
How severe is CVE-2017-5691?
Severity scoring for CVE-2017-5691 is pending analysis. The EPSS model estimates a 1.44% probability of exploitation in the next 30 days.
How do I fix CVE-2017-5691?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-5691?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST