Intel Desktop Boards BIOS Unauthorized BIOS Flash (INTEL-SA-00019)

This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.


Synopsis :

It may be possible to flash the BIOS on the remote desktop system
without explicit authorization.

Description :

The version of the Intel BIOS on the remote host may allow an
unauthorized user to flash the BIOS without explicit authorization
from a user or supervisor. An attacker may exploit this vulnerability
to flash the BIOS and downgrade it to an older version, which may allow
the attacker to gain unauthorized access to the system.

See also :

http://invisiblethingslab.com/press/itl-press-2009-03.pdf
http://www.nessus.org/u?b1295e44

Solution :

Upgrade the system BIOS on the remote host.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 4.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 42180 (intel_bios_unauth_flash.nasl)

Bugtraq ID: 36720

CVE ID: