Sign-up

ID

VAR-201707-1049


CVE

CVE-2017-9457


TITLE

CompuLab Intense PC Input Validation Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-26600 // CNNVD: CNNVD-201706-163

DESCRIPTION

Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS. Intense PC Phoenix SecureCore UEFI The firmware contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CompuLabIntensePC is a mini PC device from CompuLab, Israel. An attacker could exploit this vulnerability to read and write to any system firmware. Credits: Hal Martin Website: watchmysys.com Source: https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/ Vendor: ==================== CompuLab (compulab.com) Product: ==================== Intense PC / MintBox 2 Vulnerability type: ==================== Platform lacks signature verification and does not validate firmware update before flashing CVE Reference: ==================== CVE-2017-9457 Summary: ==================== Since 2013 CompuLab manufactures and sells the Intense PC (also sold under the name "MintBox 2"), which is a small Intel-based fanless PC sold to end-users and industrial customers. No timeline was provided to implement capsule signature verification. Affected versions: ==================== All firmware versions since product release (latest public firmware is 21 May 2017) Attack Vector: ==================== An attacker tricks the user into running a malicious executable with local administrator privileges, which updates the system firmware to include the attacker's code. The attacker may instead use a known OS exploit to perform the upgrade remotely (without user interaction or notification). Proof of concept: ==================== I have created a modified firmware update which replaces the stock UEFI shell with the UEFI shell from EDK2. The update can be flashed from within Windows without any user interaction or notification. Firmware updates are not signed by CompuLab or verified by the existing firmware before upgrade. The modified update, based on the 21 May 2017 firmware, can be downloaded here: https://watchmysys.com/blog/wp-content/uploads/2017/07/update-IPC-20170521-edk2.zip Details of the full proof of concept can be found at the Source link above. Mitigation: ==================== At this time there is no means for the end user to enable Capsule Signature verification or to prevent the Phoenix update utility from updating the system firmware. Therefore Intense PC owners should consider the following options: - Ensure your operating system is up to date with the latest security patches. Do not run software from untrusted sources. - Do not connect your Intense PC to any networks with internet access (i.e. air-gap the computer). Disclosure timeline: ==================== 6 June 2017: Issue reported to CompuLab 6 June 2017: CompuLab confirms that aDefault settings of this source tree [Phoenix SecureCore Tiano Enhanced Intel Ivy Bridge CPU Panther Point M] has disabled Capsule Signature option.a 6 June 2017: Issue is reported to MITRE 6 June 2017: Vulnerability is assigned CVE-2017-9457 7 June 2017: CompuLab are informed that the vulnerability has been assigned CVE-2017-9457 and details of the vulnerability will be published after 45 days 22 July 2017: Details of the vulnerability are published

Trust: 2.34

sources: NVD: CVE-2017-9457 // JVNDB: JVNDB-2017-006818 // CNVD: CNVD-2017-26600 // VULHUB: VHN-117660 // PACKETSTORM: 143481

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-26600

AFFECTED PRODUCTS

vendor:compulabmodel:intense pcscope:lteversion:cr_2.2.0.400.2

Trust: 1.0

vendor:compulabmodel:intense pcscope: - version: -

Trust: 0.8

vendor:compulabmodel:intense pc <=cr 2.2.0.400.2scope: - version: -

Trust: 0.6

vendor:compulabmodel:intense pcscope:eqversion:cr_2.2.0.400.2

Trust: 0.6

sources: CNVD: CNVD-2017-26600 // JVNDB: JVNDB-2017-006818 // CNNVD: CNNVD-201706-163 // NVD: CVE-2017-9457

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9457
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-9457
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-26600
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201706-163
value: HIGH

Trust: 0.6

VULHUB: VHN-117660
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-9457
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-26600
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-117660
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9457
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-26600 // VULHUB: VHN-117660 // JVNDB: JVNDB-2017-006818 // CNNVD: CNNVD-201706-163 // NVD: CVE-2017-9457

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-117660 // JVNDB: JVNDB-2017-006818 // NVD: CVE-2017-9457

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201706-163

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201706-163

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006818

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-117660

PATCH
title:Top Pageurl:http://www.compulab.com/
Trust: 0.8
title:CompuLabIntensePC enters a patch to verify the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/102100
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-26600 // 
            
            
            
            JVNDB: JVNDB-2017-006818

EXTERNAL IDS
db:NVDid:CVE-2017-9457
Trust: 3.2
db:PACKETSTORMid:143481
Trust: 1.2
db:JVNDBid:JVNDB-2017-006818
Trust: 0.8
db:CNNVDid:CNNVD-201706-163
Trust: 0.7
db:CNVDid:CNVD-2017-26600
Trust: 0.6
db:VULHUBid:VHN-117660
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-26600 // 
            
            
            
            VULHUB: VHN-117660 // 
            
            
            
            JVNDB: JVNDB-2017-006818 // 
            
            
            
            PACKETSTORM: 143481 // 
            
            
            
            CNNVD: CNNVD-201706-163 // 
            
            
            
            NVD: CVE-2017-9457

REFERENCES
url:https://watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/
Trust: 2.6
url:http://seclists.org/fulldisclosure/2017/jul/56
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2017-9457
Trust: 1.5
url:http://packetstormsecurity.com/files/143481/compulab-intense-pc-mintbox-2-signature-verification.html
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9457
Trust: 0.8
url:https://watchmysys.com/blog/wp-content/uploads/2017/07/update-ipc-20170521-edk2.zip
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-26600 // 
            
            
            
            VULHUB: VHN-117660 // 
            
            
            
            JVNDB: JVNDB-2017-006818 // 
            
            
            
            PACKETSTORM: 143481 // 
            
            
            
            CNNVD: CNNVD-201706-163 // 
            
            
            
            NVD: CVE-2017-9457

CREDITS
Hal Martin
Trust: 0.1
sources:
            
            
            PACKETSTORM: 143481

SOURCES
db:CNVDid:CNVD-2017-26600
db:VULHUBid:VHN-117660
db:JVNDBid:JVNDB-2017-006818
db:PACKETSTORMid:143481
db:CNNVDid:CNNVD-201706-163
db:NVDid:CVE-2017-9457

LAST UPDATE DATE
2025-04-20T23:32:52.391000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-26600date:2017-09-14T00:00:00
db:VULHUBid:VHN-117660date:2017-08-10T00:00:00
db:JVNDBid:JVNDB-2017-006818date:2017-09-05T00:00:00
db:CNNVDid:CNNVD-201706-163date:2017-08-15T00:00:00
db:NVDid:CVE-2017-9457date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-26600date:2017-09-13T00:00:00
db:VULHUBid:VHN-117660date:2017-07-25T00:00:00
db:JVNDBid:JVNDB-2017-006818date:2017-09-05T00:00:00
db:PACKETSTORMid:143481date:2017-07-23T13:33:33
db:CNNVDid:CNNVD-201706-163date:2017-06-07T00:00:00
db:NVDid:CVE-2017-9457date:2017-07-25T14:29:00.317