National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2017-5704 Detail

Current Description

Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.

Source:  MITRE
Description Last Modified:  07/10/2018
View Analysis Description

Impact

CVSS v3.0 Severity and Metrics:

Base Score: 6.7 MEDIUM
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (V3 legend)
Impact Score: 5.9
Exploitability Score: 0.8


Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

CVSS v2.0 Severity and Metrics:

Base Score: 2.1 LOW
Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N) (V2 legend)
Impact Subscore: 2.9
Exploitability Subscore: 3.9


Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Additional Information:
Allows unauthorized disclosure of information

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00160.html Vendor Advisory

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.3

Configuration 1
OR
cpe:/h:intel:core_i3:4000m
cpe:/h:intel:core_i3:4005u
cpe:/h:intel:core_i3:4010u
cpe:/h:intel:core_i3:4010y
cpe:/h:intel:core_i3:4012y
cpe:/h:intel:core_i3:4020y
cpe:/h:intel:core_i3:4025u
cpe:/h:intel:core_i3:4030u
cpe:/h:intel:core_i3:4030y
cpe:/h:intel:core_i3:4100e
cpe:/h:intel:core_i3:4100m
cpe:/h:intel:core_i3:4100u
cpe:/h:intel:core_i3:4102e
cpe:/h:intel:core_i3:4110e
cpe:/h:intel:core_i3:4110m
cpe:/h:intel:core_i3:4112e
cpe:/h:intel:core_i3:4120u
cpe:/h:intel:core_i3:4130
cpe:/h:intel:core_i3:4130t
cpe:/h:intel:core_i3:4150
cpe:/h:intel:core_i3:4150t
cpe:/h:intel:core_i3:4158u
cpe:/h:intel:core_i3:4160
cpe:/h:intel:core_i3:4160t
cpe:/h:intel:core_i3:4170
cpe:/h:intel:core_i3:4170t
cpe:/h:intel:core_i3:4330
cpe:/h:intel:core_i3:4330t
cpe:/h:intel:core_i3:4330te
cpe:/h:intel:core_i3:4340
cpe:/h:intel:core_i3:4340te
cpe:/h:intel:core_i3:4350
cpe:/h:intel:core_i3:4350t
cpe:/h:intel:core_i3:4360
cpe:/h:intel:core_i3:4360t
cpe:/h:intel:core_i3:4370
cpe:/h:intel:core_i3:4370t
cpe:/h:intel:core_i3:5005u
cpe:/h:intel:core_i3:5010u
cpe:/h:intel:core_i3:5015u
cpe:/h:intel:core_i3:5020u
cpe:/h:intel:core_i3:5157u
cpe:/h:intel:core_i3:6006u
cpe:/h:intel:core_i3:6098p
cpe:/h:intel:core_i3:6100
cpe:/h:intel:core_i3:6100e
cpe:/h:intel:core_i3:6100h
cpe:/h:intel:core_i3:6100t
cpe:/h:intel:core_i3:6100te
cpe:/h:intel:core_i3:6100u
cpe:/h:intel:core_i3:6102e
cpe:/h:intel:core_i3:6157u
cpe:/h:intel:core_i3:6167u
cpe:/h:intel:core_i3:6300
cpe:/h:intel:core_i3:6300t
cpe:/h:intel:core_i3:6320
cpe:/h:intel:core_i3:7020u
cpe:/h:intel:core_i3:7100
cpe:/h:intel:core_i3:7100e
cpe:/h:intel:core_i3:7100h
cpe:/h:intel:core_i3:7100t
cpe:/h:intel:core_i3:7100u
cpe:/h:intel:core_i3:7101e
cpe:/h:intel:core_i3:7101te
cpe:/h:intel:core_i3:7102e
cpe:/h:intel:core_i3:7130u
cpe:/h:intel:core_i3:7167u
cpe:/h:intel:core_i3:7300
cpe:/h:intel:core_i3:7300t
cpe:/h:intel:core_i3:7320
cpe:/h:intel:core_i3:7350k
Configuration 2
OR
cpe:/h:intel:core_i5:7y54
cpe:/h:intel:core_i5:7y57
cpe:/h:intel:core_i5:4200h
cpe:/h:intel:core_i5:4200m
cpe:/h:intel:core_i5:4200u
cpe:/h:intel:core_i5:4200y
cpe:/h:intel:core_i5:4202y
cpe:/h:intel:core_i5:4210h
cpe:/h:intel:core_i5:4210m
cpe:/h:intel:core_i5:4210u
cpe:/h:intel:core_i5:4210y
cpe:/h:intel:core_i5:4220y
cpe:/h:intel:core_i5:4250u
cpe:/h:intel:core_i5:4258u
cpe:/h:intel:core_i5:4260u
cpe:/h:intel:core_i5:4278u
cpe:/h:intel:core_i5:4288u
cpe:/h:intel:core_i5:4300m
cpe:/h:intel:core_i5:4300u
cpe:/h:intel:core_i5:4300y
cpe:/h:intel:core_i5:4302y
cpe:/h:intel:core_i5:4308u
cpe:/h:intel:core_i5:4310m
cpe:/h:intel:core_i5:4310u
cpe:/h:intel:core_i5:4330m
cpe:/h:intel:core_i5:4340m
cpe:/h:intel:core_i5:4350u
cpe:/h:intel:core_i5:4360u
cpe:/h:intel:core_i5:4400e
cpe:/h:intel:core_i5:4402e
Configuration 3
Showing 100 of 273 CPEs, view all CPEs here.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

1 change record found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2017-5704
NVD Published Date:
07/10/2018
NVD Last Modified:
09/11/2018