Strix
26.1K

CVE-2017-5722

UnknownEPSS 0.35%

Last modified

CVE-2017-5722 is a vulnerability of currently unknown severity. Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.. EPSS estimates a 0.35% chance of exploitation in the next 30 days.

Description

Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.

Metrics

EPSS Probability
0.35%

26.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
IntelNuc7i7bnh Firmwareayaplcel.86a.0041
IntelNuc7i7bnh Firmwarebnkbl357.86a.0052
IntelNuc7i7bnh Firmwareccsklm5v.86a.0052
IntelNuc7i7bnh Firmwareccsklm30.86a.0052
IntelNuc7i7bnh Firmwarednkbli5v.86a.0026
IntelNuc7i7bnh Firmwarednkbli30.86a.0026
IntelNuc7i7bnh Firmwarekyskli70.86a.0050
IntelNuc7i7bnh Firmwarerybdwi35.86a.0366
IntelNuc7i7bnh Firmwaresyskli35.86a.0062
IntelNuc7i7bnh Firmwaretybyt20h.86a.0015
IntelNuc7i5bnh Firmwareayaplcel.86a.0041
IntelNuc7i5bnh Firmwarebnkbl357.86a.0052
IntelNuc7i5bnh Firmwareccsklm5v.86a.0052
IntelNuc7i5bnh Firmwareccsklm30.86a.0052
IntelNuc7i5bnh Firmwarednkbli5v.86a.0026
IntelNuc7i5bnh Firmwarednkbli30.86a.0026
IntelNuc7i5bnh Firmwarekyskli70.86a.0050
IntelNuc7i5bnh Firmwarerybdwi35.86a.0366
IntelNuc7i5bnh Firmwaresyskli35.86a.0062
IntelNuc7i5bnh Firmwaretybyt20h.86a.0015
IntelNuc7i5bnk Firmwareayaplcel.86a.0041
IntelNuc7i5bnk Firmwarebnkbl357.86a.0052
IntelNuc7i5bnk Firmwareccsklm5v.86a.0052
IntelNuc7i5bnk Firmwareccsklm30.86a.0052
IntelNuc7i5bnk Firmwarednkbli5v.86a.0026
IntelNuc7i5bnk Firmwarednkbli30.86a.0026
IntelNuc7i5bnk Firmwarekyskli70.86a.0050
IntelNuc7i5bnk Firmwarerybdwi35.86a.0366
IntelNuc7i5bnk Firmwaresyskli35.86a.0062
IntelNuc7i5bnk Firmwaretybyt20h.86a.0015
IntelNuc7i3bnh Firmwareayaplcel.86a.0041
IntelNuc7i3bnh Firmwarebnkbl357.86a.0052
IntelNuc7i3bnh Firmwareccsklm5v.86a.0052
IntelNuc7i3bnh Firmwareccsklm30.86a.0052
IntelNuc7i3bnh Firmwarednkbli5v.86a.0026
IntelNuc7i3bnh Firmwarednkbli30.86a.0026
IntelNuc7i3bnh Firmwarekyskli70.86a.0050
IntelNuc7i3bnh Firmwarerybdwi35.86a.0366
IntelNuc7i3bnh Firmwaresyskli35.86a.0062
IntelNuc7i3bnh Firmwaretybyt20h.86a.0015
IntelNuc7i3bnk Firmwareayaplcel.86a.0041
IntelNuc7i3bnk Firmwarebnkbl357.86a.0052
IntelNuc7i3bnk Firmwareccsklm5v.86a.0052
IntelNuc7i3bnk Firmwareccsklm30.86a.0052
IntelNuc7i3bnk Firmwarednkbli5v.86a.0026
IntelNuc7i3bnk Firmwarednkbli30.86a.0026
IntelNuc7i3bnk Firmwarekyskli70.86a.0050
IntelNuc7i3bnk Firmwarerybdwi35.86a.0366
IntelNuc7i3bnk Firmwaresyskli35.86a.0062
IntelNuc7i3bnk Firmwaretybyt20h.86a.0015

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-5722?
Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.
How severe is CVE-2017-5722?
Severity scoring for CVE-2017-5722 is pending analysis. The EPSS model estimates a 0.35% probability of exploitation in the next 30 days.
How do I fix CVE-2017-5722?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-5722?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST