Buffer Overflow Vulnerability in Intel Trusted Execution Engine Firmware
CVE-2017-5707

7.8HIGH

Key Information:

Vendor

Intel
Status
Trusted Execution Engine
Vendor
CVE Published:
21 November 2017

What is CVE-2017-5707?

Multiple buffer overflow vulnerabilities in the kernel of Intel Trusted Execution Engine Firmware 3.0 enable an attacker with local access to the system to potentially execute arbitrary code. Exploiting these vulnerabilities could give malicious actors elevated privileges, leading to unauthorized system control or data breaches. Organizations using affected firmware versions should prioritize implementing patches and updates to safeguard against such exploits, thereby enhancing their security posture.

Affected Version(s)

Trusted Execution Engine 3.0

References

https://security.netapp.com/advisory/ntap-20171120-0001/
x_refsource_CONFIRM
https://twitter.com/PTsecurity_UK/status/938447926128291842
x_refsource_MISC
http://www.securityfocus.com/bid/101919
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-5707 : Buffer Overflow Vulnerability in Intel Trusted Execution Engine Firmware