CVE-2017-5704

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 87.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Corporation Intel Core Processor Intel Core I3 Intel Core I5 +1 more

Timeline

PublishedJul 10

Latest updateMay 13

Description

Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5intel_corporation/intel_core_processor4th Gen, 5th Gen, 6th Gen, 7th Gen.

▶NVDintel/core_i371 versions+70

▶NVDintel/core_i5105 versions+104

▶NVDintel/core_i797 versions+96

🔴Vulnerability Details

GHSA

GHSA-rp2g-j8p9-26x2: Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Inte↗2022-05-13

▶

CVEList

CVE-2017-5704: Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Inte↗2018-07-10

▶