Main Vulnerability Database SB2017112201

SB2017112201 - Privilege escalation in Intel Server Platform Services Firmware

Published: November 22, 2017

Security Bulletin ID SB2017112201

Severity

Low

Patch available

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2017-5706)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to multiple buffer overflows in kernel. A local attacker can send a specially crafted request, trigger memory corruption, execute arbitrary code an compromise the vulnerable system.

2) Privilege escalation (CVE-ID: CVE-2017-5709)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to unknown error. A local attacker can send a specially crafted request,gain elevated privileges and access privileged content.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr&ref=hvper.com