CVE-2017-9457

MEDIUM

Intense PC Phoenix SecureCore - Privilege Escalation

Title source: llm

Description

Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS.

References (3)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/143481/Compulab-Intense-PC-MintBox-2-Signature-Verification.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Jul/56

[Third Party Advisory] https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/

Scores

CVSS v3 6.7

EPSS 0.0010

EPSS Percentile 26.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (2)

n/a/n/a

compulab/intense_pc_firmware < cr_2.2.0.400.2

Published Jul 25, 2017

Tracked Since Feb 18, 2026