Vulnerabilities > CVE-2017-8083 - Missing Authorization vulnerability in Compulab Intense PC Firmware and Mintbox 2 Firmware

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

compulab

CWE-862

NVD

Published: 2017-06-06

Updated: 2024-11-21

Summary

CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges.

Vulnerable Configurations

Part	Description	Count
OS	Compulab Compulab Intense PC Firmware Cr_2.2.0.400.2 Compulab Mintbox 2 Firmware Cr_2.2.0.400.2	2
Hardware	Compulab Compulab Intense PC - Compulab Mintbox 2 -	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

http://seclists.org/fulldisclosure/2017/Jun/6
http://seclists.org/fulldisclosure/2017/Jun/6
https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/
https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/