Intel UEFI EFI S3 Resume Boot Path Script Privilege Escalation (INTEL-SA-00041)

Medium Nessus Plugin ID 80458


The remote host is vulnerable to a local privilege escalation attack.


The version of the Intel UEFI BIOS on the remote host is affected by a privilege escalation vulnerability due to an error, related to handling the EFI S3 Resume Boot Path boot script, that allows bypassing firmware write protections. An attacker can exploit this to perform a reflash of the firmware, read or write to SMRAM memory, or render the system inoperable.


Upgrade the system BIOS on the remote host.

See Also

Plugin Details

Severity: Medium

ID: 80458

File Name: intel_bios_uefi_priv_escal.nasl

Version: $Revision: 1.2 $

Type: local

Family: Misc.

Published: 2015/01/12

Modified: 2015/01/14

Dependencies: 34097, 34098

Risk Information

Risk Factor: Medium


Base Score: 6.2

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

Required KB Items: BIOS/Version, BIOS/Vendor

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/12/23

Vulnerability Publication Date: 2014/12/23

Reference Information

CVE: CVE-2014-8274

BID: 71873

OSVDB: 116356

CERT: 976132