CVE-2017-5689
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Intel Corporation | Intel Active Mangement Technology, Intel Small Business Technology, Intel Standard Manageability | fixed in versions 6.2.61.3535, 7.1.91.3272, 8.1.71.3608, 9.1.41.3024, 10.0.55.3000, 11.0.25.3001, and 11.6.27.3264 and later | affected |
Weaknesses
- Escalation of Privilege
ADP Enrichment
CVE Program Container
Additional References
- https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
- https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf
- http://www.securityfocus.com/bid/98269
- http://www.securitytracker.com/id/1038385
- https://security.netapp.com/advisory/ntap-20170509-0001/
- https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- https://www.embedi.com/news/mythbusters-cve-2017-5689
- https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
References
- https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
- https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf
- http://www.securityfocus.com/bid/98269
- http://www.securitytracker.com/id/1038385
- https://security.netapp.com/advisory/ntap-20170509-0001/
- https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- https://www.embedi.com/news/mythbusters-cve-2017-5689
- https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.