Medium severity6.7NVD Advisory· Published Jul 25, 2017· Updated May 13, 2026

CVE-2017-9457

Description

Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS.

Affected products

Compulab/Intense Pc Firmware
cpe:2.3:o:compulab:intense_pc_firmware:*:*:*:*:*:*:*:*
Range: <=cr_2.2.0.400.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/143481/Compulab-Intense-PC-MintBox-2-Signature-Verification.htmlnvdThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2017/Jul/56nvdMailing ListThird Party Advisory
watchmysys.com/blog/2017/07/cve-2017-9457-compulab-intense-pc-lacks-firmware-validation/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.436
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000