Sign-up

ID

VAR-201002-0157


CVE

CVE-2010-0560


TITLE

Intel Desktop Board DB In series etc. SSM Vulnerability to execute arbitrary code in

Trust: 0.8

sources: JVNDB: JVNDB-2010-004490

DESCRIPTION

Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, DH, DP, and DQ Series allows local administrators to execute arbitrary code in System Management Mode (SSM) via unknown attack vectors. Intel BIOS is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to modify software that runs in System Management Mode (SMM). Successfully exploiting this issue will allow the attacker to compromise affected computers. A remote attacker can execute arbitrary code via an unidentified vector in system administration mode. ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Intel Desktop Boards System Management Mode Security Bypass SECUNIA ADVISORY ID: SA38413 VERIFY ADVISORY: http://secunia.com/advisories/38413/ DESCRIPTION: A weakness has been reported in several Intel desktop boards, which can be exploited by malicious, local users to bypass certain security restrictions. Successful exploitation requires administrative (ring 0) privileges. SOLUTION: Apply BIOS updates. DQ43AP: Update to version APQ4310H.86A.0031. DQ45CB and DQ45EK: Update to version CBQ4510H.86A.0109. DQ35JO and DQ35MP: Update to version JOQ3510J.86A.1126. DP55KG, DP55SB, and DP55WG: Update to version KGIBX10J.86A.4236. DP55WB: Update to version WBIBX10J.86A.0181. DQ57TM: Update to version TMIBX10H.86A.0025. DH55TC and DH55HC: Update to version TCIBX10H.86A.0028. DG41KR: Update to version KRG4110H.86A.0029. DB43LD: Update to version LDB4310H.86A.0035. DG41MJ: Update to version MJG4110H.86A.0006. DG41RQ: Update to version RQG4110H.86A.0013. DG41TY: Update to version TYG4110H.86A.0037. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00022&languageid=en-fr ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2010-0560 // JVNDB: JVNDB-2010-004490 // BID: 38251 // VULHUB: VHN-43165 // PACKETSTORM: 85867

AFFECTED PRODUCTS

vendor:intelmodel:desktop boardscope:eqversion:db

Trust: 2.4

vendor:intelmodel:desktop boardscope:eqversion:dg

Trust: 2.4

vendor:intelmodel:desktop boardscope:eqversion:dh

Trust: 2.4

vendor:intelmodel:desktop boardscope:eqversion:dp

Trust: 2.4

vendor:intelmodel:desktop boardscope:eqversion:dq

Trust: 2.4

vendor:sunmodel:ultra workstationscope:eqversion:270

Trust: 0.3

vendor:sunmodel:ultra workstationscope:eqversion:240

Trust: 0.3

vendor:sunmodel:firescope:eqversion:x44500

Trust: 0.3

vendor:sunmodel:firescope:eqversion:x42750

Trust: 0.3

vendor:sunmodel:firescope:eqversion:x42700

Trust: 0.3

vendor:sunmodel:firescope:eqversion:x41700

Trust: 0.3

vendor:sunmodel:firescope:eqversion:x22700

Trust: 0.3

vendor:sunmodel:bladescope:eqversion:x64500

Trust: 0.3

vendor:sunmodel:bladescope:eqversion:x62750

Trust: 0.3

vendor:sunmodel:bladescope:eqversion:x62700

Trust: 0.3

vendor:sunmodel:bladescope:eqversion:x62500

Trust: 0.3

vendor:intelmodel:dq57tmscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dq45ekscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dq45cbscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dq43apscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dq35mpscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dq35joscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dp55wgscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dp55wbscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dp55sbscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dp55kgscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dh55tcscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dh55hcscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dg43gtscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dg41tyscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dg41rqscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dg41mjscope:eqversion:0

Trust: 0.3

vendor:intelmodel:dg41krscope:eqversion:0

Trust: 0.3

vendor:intelmodel:db43ldscope:eqversion:0

Trust: 0.3

sources: BID: 38251 // JVNDB: JVNDB-2010-004490 // CNNVD: CNNVD-201002-065 // NVD: CVE-2010-0560

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0560
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0560
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201002-065
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43165
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0560
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-43165
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43165 // JVNDB: JVNDB-2010-004490 // CNNVD: CNNVD-201002-065 // NVD: CVE-2010-0560

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2010-0560

THREAT TYPE

local

Trust: 1.0

sources: BID: 38251 // PACKETSTORM: 85867 // CNNVD: CNNVD-201002-065

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201002-065

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-004490

PATCH
title:INTEL-SA-00022url:http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00022&languageid=en-fr
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-004490

EXTERNAL IDS
db:NVDid:CVE-2010-0560
Trust: 2.5
db:SECUNIAid:38413
Trust: 1.8
db:OSVDBid:62071
Trust: 1.7
db:VUPENid:ADV-2010-0271
Trust: 1.7
db:BIDid:38251
Trust: 1.4
db:JVNDBid:JVNDB-2010-004490
Trust: 0.8
db:CNNVDid:CNNVD-201002-065
Trust: 0.7
db:VULHUBid:VHN-43165
Trust: 0.1
db:PACKETSTORMid:85867
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43165 // 
            
            
            
            BID: 38251 // 
            
            
            
            JVNDB: JVNDB-2010-004490 // 
            
            
            
            PACKETSTORM: 85867 // 
            
            
            
            CNNVD: CNNVD-201002-065 // 
            
            
            
            NVD: CVE-2010-0560

REFERENCES
url:http://security-center.intel.com/advisory.aspx?intelid=intel-sa-00022&languageid=en-fr
Trust: 2.0
url:http://osvdb.org/62071
Trust: 1.7
url:http://secunia.com/advisories/38413
Trust: 1.7
url:http://www.vupen.com/english/advisories/2010/0271
Trust: 1.7
url:http://www.securityfocus.com/bid/38251
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/56384
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0560
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0560
Trust: 0.8
url:http://blogs.sun.com/security/entry/cve_2010_0560
Trust: 0.3
url:http://www.intel.com/
Trust: 0.3
url:http://security-center.intel.com/advisory.aspx?intelid=intel-sa-00022&languageid=en-fr
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/blog/71/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/38413/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43165 // 
            
            
            
            BID: 38251 // 
            
            
            
            JVNDB: JVNDB-2010-004490 // 
            
            
            
            PACKETSTORM: 85867 // 
            
            
            
            CNNVD: CNNVD-201002-065 // 
            
            
            
            NVD: CVE-2010-0560

CREDITS
Intel
Trust: 0.3
sources:
            
            
            BID: 38251

SOURCES
db:VULHUBid:VHN-43165
db:BIDid:38251
db:JVNDBid:JVNDB-2010-004490
db:PACKETSTORMid:85867
db:CNNVDid:CNNVD-201002-065
db:NVDid:CVE-2010-0560

LAST UPDATE DATE
2025-04-11T23:06:03.584000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-43165date:2017-08-17T00:00:00
db:BIDid:38251date:2010-04-15T01:03:00
db:JVNDBid:JVNDB-2010-004490date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-201002-065date:2010-02-09T00:00:00
db:NVDid:CVE-2010-0560date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-43165date:2010-02-08T00:00:00
db:BIDid:38251date:2010-02-01T00:00:00
db:JVNDBid:JVNDB-2010-004490date:2012-09-25T00:00:00
db:PACKETSTORMid:85867date:2010-02-02T17:26:33
db:CNNVDid:CNNVD-201002-065date:2010-02-08T00:00:00
db:NVDid:CVE-2010-0560date:2010-02-08T21:30:00.420