CVE-2017-3718

Vulnerability

An improper setting of device configuration in the system firmware of certain Intel(R) NUC kits allows a privileged user to potentially escalate privileges. The vulnerability resides in the firmware configuration logic, which fails to enforce proper restrictions when a user with existing privileges modifies device settings. Affected models and firmware versions are detailed in the Intel security advisory [1].

Exploitation

Exploitation requires physical access to the target system and a user account with elevated privileges (e.g., local administrator). The attacker, having physical access, can manipulate the device configuration through the firmware interface to bypass security controls and gain higher privileges. No network access or user interaction beyond the attacker's own actions is needed [1].

Impact

Successful exploitation enables an attacker to escalate their privilege level, potentially achieving full control over the system. This could lead to unauthorized access to sensitive data, installation of persistent malware, or further compromise of the platform [1].

Mitigation

Intel has released firmware updates to address this vulnerability. Affected users should update their system firmware to the latest version provided by Intel for their specific NUC kit model. No workarounds are available; the fix is applied via a firmware update. Refer to the Intel security advisory for the list of affected models and the corresponding fixed firmware versions [1].