Intel UEFI EFI S3 Resume Boot Path Script Privilege Escalation (INTEL-SA-00041)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote host is vulnerable to a local privilege escalation attack.

Description :

The version of the Intel UEFI BIOS on the remote host is affected by a
privilege escalation vulnerability due to an error, related to
handling the EFI S3 Resume Boot Path boot script, that allows
bypassing firmware write protections. An attacker can exploit this to
perform a reflash of the firmware, read or write to SMRAM memory, or
render the system inoperable.

See also :

http://www.nessus.org/u?d508472d
http://www.nessus.org/u?bcc2a010

Solution :

Upgrade the system BIOS on the remote host.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 80458 ()

Bugtraq ID: 71873

CVE ID: CVE-2014-8274

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now