CVE-2016-8103

SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform.

CVSS v3.0 6.7 MEDIUM
CVSS v2.0 6.8 MEDIUM

6.7^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00057&languageid=en-fr	Vendor Advisory
http://www.securityfocus.com/bid/95012	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:city_bios:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:stk2m3w64cc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:canyon_bios:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc6i7kyb:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:canyon_bios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:nuc5pgyh:-:::::::*
	cpe:2.3:h:intel:nuc5cpyh:-:::::::*
	cpe:2.3:h:intel:nuc5ppyh:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:city_bios:ccsklm30.86a:*:*:*:*:*:*:*

cpe:2.3:h:intel:stk2mv64cc:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:canyon_bios:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:dn2820fyb:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:intel:city_bios:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:stk2m3w64cc:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:intel:swift_canyon_bios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:nuc6i5syb:-:::::::*
	cpe:2.3:h:intel:nuc6i3syb:-:::::::*

Configuration 8 (hide)

AND

cpe:2.3:o:intel:citry_bios:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:stk1aw32sc:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:intel:canyon_bios:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc5i3mybe:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:intel:canyon_bios:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:nuc5i3mybe:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:intel:city_bios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:stk1a32sc:-:::::::*
	cpe:2.3:h:intel:stk1aw32sc:-:::::::*

Configuration 12 (hide)

AND

cpe:2.3:o:intel:canyon_bios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:nuc5i5ryb:-:::::::*
	cpe:2.3:h:intel:nuc5i3ryb:-:::::::*
	cpe:2.3:h:intel:nuc5i7rykh:-:::::::*

Information

Published : 2016-12-08 09:59

Updated : 2016-12-27 06:35

NVD link : CVE-2016-8103

Mitre link : CVE-2016-8103

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

intel

stk1aw32sc
nuc6i5syb
nuc5pgyh
canyon_bios
nuc5ppyh
city_bios
swift_canyon_bios
nuc6i3syb
nuc5i5ryb
nuc5i3ryb
nuc5i7rykh
stk2m3w64cc
nuc6i7kyb
stk2mv64cc
nuc5cpyh
citry_bios
stk1a32sc
dn2820fyb
nuc5i3mybe

6.7 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2016-8103

6.7^/10

6.8^/10

Attach tags to `CVE-2016-8103`