Intel System Management Mode Local Privilege Escalation (INTEL-SA-00017)

medium Nessus Plugin ID 34099

Synopsis

The remote host is vulnerable to a local privilege escalation attack.

Description

The version of the Intel BIOS on the remote host is known to be vulnerable to an as-yet unspecified privilege escalation attack. It would allow a local user with administrative privileges to upgrade administrative privileges to System Management Mode.

Solution

Upgrade the system BIOS on the remote host.

See Also

http://www.nessus.org/u?6371ebe4

Plugin Details

Severity: Medium

ID: 34099

File Name: intel_bios_priv_escal.nasl

Version: 1.18

Type: local

Family: Misc.

Published: 9/8/2008

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: BIOS/Version, BIOS/Vendor, BIOS/ReleaseDate

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-7096

BID: 30823

CWE: 264