CVE-2017-9457
N/A
N/A
Summary
Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://seclists.org/fulldisclosure/2017/Jul/56
- http://packetstormsecurity.com/files/143481/Compulab-Intense-PC-MintBox-2-Signature-Verification.html
- https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/
References
- http://seclists.org/fulldisclosure/2017/Jul/56
- http://packetstormsecurity.com/files/143481/Compulab-Intense-PC-MintBox-2-Signature-Verification.html
- https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.