Vulnerabilities > CVE-2017-8083 - Missing Authorization vulnerability in Compulab Intense PC Firmware and Mintbox 2 Firmware

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

compulab

CWE-862

NVD

Published: 2017-06-06

Updated: 2019-10-03

Summary

CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges.

Vulnerable Configurations

Part	Description	Count
OS	Compulab Compulab Intense PC Firmware * Compulab Mintbox 2 Firmware *	2
Hardware	Compulab Compulab Intense PC - Compulab Mintbox 2 -	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

http://seclists.org/fulldisclosure/2017/Jun/6
https://watchmysys.com/blog/2017/06/cve-2017-8083-compulab-intensepc-lacks-bios-wp/