CVE-2017-5721

HIGH

Intel NUC7i3BNK NUC7i3BNH NUC7i5BNK NUC7i5BNH NUC7i7BNH <= BN0049 - Arbitrary Code Execution via Memory Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5721. PoCs published by embedi.

AI-analyzed exploit summary This PoC exploits CVE-2017-5721, a privilege escalation vulnerability in Intel's UsbRt SMM (System Management Mode) by manipulating CRC-32 values and triggering a Machine Check Exception to cause a system hang. It requires the CHIPSEC framework and specific GRUB configurations to disable ACPI.

Description

Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory.

Exploits (1)

nomisec WORKING POC 17 stars

by embedi · poc

https://github.com/embedi/smm_usbrt_poc

View Code ZIP pw:eip

This PoC exploits CVE-2017-5721, a privilege escalation vulnerability in Intel's UsbRt SMM (System Management Mode) by manipulating CRC-32 values and triggering a Machine Check Exception to cause a system hang. It requires the CHIPSEC framework and specific GRUB configurations to disable ACPI.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Intel UsbRt SMM (affecting various Intel chipsets)

No auth needed

Prerequisites: CHIPSEC framework installed · GRUB configured with 'acpi=off' · Physical or privileged access to execute the PoC

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Third Party Advisory x_refsource_confirm

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00084&languageid=en-fr

Scores

CVSS v3 7.5

EPSS 0.0083

EPSS Percentile 52.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (50)

intel/nuc7i3bnh_firmware ayaplcel.86a.0041

intel/nuc7i3bnh_firmware bnkbl357.86a.0052

intel/nuc7i3bnh_firmware ccsklm5v.86a.0052

intel/nuc7i3bnh_firmware ccsklm30.86a.0052

intel/nuc7i3bnh_firmware dnkbli5v.86a.0026

intel/nuc7i3bnh_firmware dnkbli30.86a.0026

intel/nuc7i3bnh_firmware kyskli70.86a.0050

intel/nuc7i3bnh_firmware rybdwi35.86a.0366

intel/nuc7i3bnh_firmware syskli35.86a.0062

intel/nuc7i3bnh_firmware tybyt20h.86a.0015

... and 40 more

Published Oct 11, 2017

Tracked Since Feb 18, 2026