CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| compulab | mintbox_2_firmware | * |
| compulab | intense_pc_firmware | * |
Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| compulab | intense_pc_firmware | * |