PT-2017-18933 · Intense Pc · Intense Pc Phoenix Securecore Uefi Firmware

Published

2017-07-25

Updated

2017-08-10

CVE-2017-9457

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Intense PC Phoenix SecureCore UEFI firmware (affected versions not specified)

Description The issue concerns the lack of capsule signature validation in the UEFI firmware before upgrading the system firmware. This absence of validation enables an attacker with administrator privileges to flash a modified UEFI BIOS.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-9457

Affected Products

Intense Pc Phoenix Securecore Uefi Firmware

PT-2017-18933 · Intense Pc · Intense Pc Phoenix Securecore Uefi Firmware

CVE-2017-9457

Weakness Enumeration

Related Identifiers

Affected Products

References · 5