Intel Multiple Products Crafted UEFI Variable Handling Security Bypass

medium Nessus Plugin ID 76117

Synopsis

The remote device is affected by a security bypass vulnerability.

Description

The version of the Intel BIOS on the remote device is affected by an unspecified security bypass vulnerability related to a flaw in the handling of certain Unified Extensible Firmware Interface (UEFI) variables.

A knowledgeable remote malicious attacker may be able to exploit this issue to bypass security features or deny service to legitimate users.

Solution

Upgrade to the relevant BIOS firmware referenced in the vendor's advisory.

See Also

http://www.nessus.org/u?30bc64ce

Plugin Details

Severity: Medium

ID: 76117

File Name: intel_sa_00038.nasl

Version: 1.2

Type: local

Family: Misc.

Published: 6/18/2014

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/h:intel:bios

Required KB Items: BIOS/Version, BIOS/Vendor

Exploit Ease: No known exploits are available

Patch Publication Date: 5/27/2014

Vulnerability Publication Date: 5/27/2014

Reference Information

CVE: CVE-2014-2961

BID: 67947