Intel Serial Peripheral Interface Vulnerability

A vulnerability in Intel's Serial Peripheral Interface (SPI) may allow an attacker to edit or block BIOS/UEFI updates or erase firmware.

Threat ID:: CC-2277
Category:: Exploit
Threat Severity:: Medium
Threat Vector:
Published:: 19 April 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A vulnerability in Intel's Serial Peripheral Interface (SPI) may allow an attacker to edit or block BIOS/UEFI updates or erase firmware.

Threat details

An error in the configuration of the SPI Flash memory can result in its behaviour being modified by an attacker. This is a mandatory component of the boot-up process on affected devices and any changes to it will most likely result in denial-of-service or damage to the device. In some rare circumstances it may also allow for an remote attacker t execute arbitrary code.

At the time of publication there are no known exploits of this vulnerability.

For further information

Remediation steps

Type	Step
	Intel have produced an update to rectify this vulnerability and are in the process of distributing it to manufacturers and suppliers for further dissemination. Users and administrators are encouraged to apply this update immediately.

CVE Vulnerabilities

Status

CVE-2017-5703

Last edited: 17 February 2020 12:45 pm