Input validation

2017-07-2514:29:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.8%

JSON

Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS.

CPENameOperatorVersion
intense_pc_firmwareeq<= cr-2.2.0.400.2

CPE	Name	Operator	Version
	intense_pc_firmware	eq	<= cr-2.2.0.400.2

References

packetstormsecurity.com/files/143481/Compulab-Intense-PC-MintBox-2-Signature-Verification.html

seclists.org/fulldisclosure/2017/Jul/56

watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/