CVE-2017-9457

MEDIUM

Intense PC Phoenix SecureCore - Privilege Escalation

Title source: llm
STIX 2.1

Description

Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS.

References (3)

Core 3
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Jul/56

Scores

CVSS v3 6.7
EPSS 0.0083
EPSS Percentile 53.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
compulab/intense_pc_firmware < cr_2.2.0.400.2
Published Jul 25, 2017
Tracked Since Feb 18, 2026