CVE-2017-8083

MEDIUM

Compulab Intense PC Firmware < cr_2.2.0.400.2 - Missing Authorization

Title source: rule

Description

CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges.

References (2)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Jun/6

[Third Party Advisory] https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/

Scores

CVSS v3 6.7

EPSS 0.0012

EPSS Percentile 31.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-862

Status published

Products (3)

compulab/intense_pc_firmware < cr_2.2.0.400.2

compulab/mintbox_2_firmware < cr_2.2.0.400.2

n/a/n/a

Published Jun 06, 2017

Tracked Since Feb 18, 2026