Intel Multiple Products Crafted UEFI Variable Handling Security Bypass

Medium Nessus Plugin ID 76117


The remote device is affected by a security bypass vulnerability.


The version of the Intel BIOS on the remote device is affected by an unspecified security bypass vulnerability related to a flaw in the handling of certain Unified Extensible Firmware Interface (UEFI) variables.

A knowledgeable remote malicious attacker may be able to exploit this issue to bypass security features or deny service to legitimate users.


Upgrade to the relevant BIOS firmware referenced in the vendor's advisory.

See Also

Plugin Details

Severity: Medium

ID: 76117

File Name: intel_sa_00038.nasl

Version: $Revision: 1.1 $

Type: local

Family: Misc.

Published: 2014/06/18

Modified: 2014/06/18

Dependencies: 34098, 34097

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/h:intel:bios

Required KB Items: BIOS/Version, BIOS/Vendor

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/05/27

Vulnerability Publication Date: 2014/05/27

Reference Information

CVE: CVE-2014-2961

BID: 67947

OSVDB: 107519