CVE-2017-5721

HIGH

Intel Nuc7i7bnh Firmware - Improper Input Validation

Title source: rule

Description

Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory.

Exploits (1)

nomisec WORKING POC 17 stars

by embedi · poc

https://github.com/embedi/smm_usbrt_poc

View Code ZIP pw:eip

References (1)

Core 1

Core References

Patch, Third Party Advisory x_refsource_confirm

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr

Scores

CVSS v3 7.5

EPSS 0.0399

EPSS Percentile 88.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (50)

intel/nuc7i3bnh_firmware ayaplcel.86a.0041

intel/nuc7i3bnh_firmware bnkbl357.86a.0052

intel/nuc7i3bnh_firmware ccsklm5v.86a.0052

intel/nuc7i3bnh_firmware ccsklm30.86a.0052

intel/nuc7i3bnh_firmware dnkbli5v.86a.0026

intel/nuc7i3bnh_firmware dnkbli30.86a.0026

intel/nuc7i3bnh_firmware kyskli70.86a.0050

intel/nuc7i3bnh_firmware rybdwi35.86a.0366

intel/nuc7i3bnh_firmware syskli35.86a.0062

intel/nuc7i3bnh_firmware tybyt20h.86a.0015

... and 40 more

Published Oct 11, 2017

Tracked Since Feb 18, 2026