CVE-2017-5689: Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability
First published: Tue May 02 2017(Updated: )
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Credit: secure@intel.com secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Standard Manageability | ||
| Intel Active Management Technology | =6.0 | |
| Intel Active Management Technology | =6.1 | |
| Intel Active Management Technology | =6.2 | |
| Intel Active Management Technology | =7.0 | |
| Intel Active Management Technology | =7.1 | |
| Intel Active Management Technology | =8.0 | |
| Intel Active Management Technology | =8.1 | |
| Intel Active Management Technology | =9.0 | |
| Intel Active Management Technology | =9.1 | |
| Intel Active Management Technology | =9.5 | |
| Intel Active Management Technology | =10.0 | |
| Intel Active Management Technology | =11.0 | |
| Intel Active Management Technology | =11.5 | |
| Intel Active Management Technology | =11.6 | |
| All of | ||
| HPE ProLiant ML10 Gen9 Server Firmware | =5.0 | |
| HP ProLiant ML10 Gen9 Server | ||
| All of | ||
| Siemens Simatic ITP1000 | <9.1.41.3024 | |
| Siemens Simatic ITP1000 Firmware | ||
| All of | ||
| Siemens SIMATIC IPC847D Firmware | <9.1.41.3024 | |
| Siemens SIMATIC IPC847D Firmware | ||
| All of | ||
| Siemens SIMATIC IPC Series Firmware | <6.2.61.3535 | |
| Siemens SIMATIC IPC847C Firmware | ||
| All of | ||
| Siemens SIMATIC IPC827D | <9.1.41.3024 | |
| Siemens SIMATIC IPC827D Firmware | ||
| All of | ||
| Siemens SIMATIC IPC827C | <6.2.61.3535 | |
| Siemens SIMATIC IPC827C Firmware | ||
| All of | ||
| Siemens SIMATIC IPC677D Firmware | <9.1.41.3024 | |
| Siemens SIMATIC IPC677D Firmware | ||
| All of | ||
| Siemens Simatic IPC677C | <6.2.61.3535 | |
| Siemens Simatic IPC677C Firmware | ||
| All of | ||
| Siemens SIMATIC IPC647D | <9.1.41.3024 | |
| Siemens SIMATIC IPC647D Firmware | ||
| All of | ||
| Siemens SIMATIC IPC647C | <6.2.61.3535 | |
| Siemens SIMATIC IPC647C firmware | ||
| All of | ||
| Siemens SIMATIC IPC Firmware | <9.1.41.3024 | |
| Siemens SIMATIC IPC627D Firmware | ||
| All of | ||
| Siemens SIMATIC IPC627C | <6.2.61.3535 | |
| Siemens SIMATIC IPC627C | ||
| All of | ||
| Siemens Simatic IPC547G | <11.0.26.3000 | |
| Siemens Simatic IPC547G Firmware | ||
| All of | ||
| Siemens Simatic IPC547E | <9.1.41.3024 | |
| Siemens Simatic PCS 7 IPC547E | ||
| All of | ||
| Siemens Simatic IPC547D Firmware | <7.1.91.3272 | |
| Siemens Simatic IPC547D Firmware | ||
| All of | ||
| Siemens Simatic IPC477E Firmware | <21.01.05 | |
| Siemens Simatic IPC477E Firmware | ||
| All of | ||
| Any of | ||
| Siemens Simatic PCS 7 IPC477D Firmware | ||
| Siemens Simatic PCS 7 IPC477D Firmware | ||
| Siemens Simatic IPC477D Firmware | ||
| All of | ||
| Siemens Simatic Field PG M3 | <6.2.61.3535 | |
| Siemens Simatic Field PG M3 Firmware | ||
| All of | ||
| Siemens Simatic Field PG M4 Firmware | <18.01.06 | |
| Siemens Simatic Field PG M4 | ||
| All of | ||
| Siemens Simatic Field PG M5 | <22.01.03 | |
| Siemens Simatic Field PG M5 | ||
| All of | ||
| Siemens Simatic Pcs 7 Ipc427e | <21.01.04 | |
| Siemens Simatic Pcs 7 Ipc427e | ||
| All of | ||
| Siemens Simatic Pcs 7 Ipc547d Firmware | <7.1.91.3272 | |
| Siemens Simatic Pcs 7 Ipc547d Firmware | ||
| All of | ||
| Siemens Simatic Pcs 7 Ipc547e Firmware | <9.1.41.3024 | |
| Siemens Simatic PCS 7 IPC547E | ||
| All of | ||
| Siemens Simatic Pcs 7 Ipc547g Firmware | <11.0.26.3000 | |
| Siemens Simatic Pcs 7 Ipc547g Firmware | ||
| All of | ||
| Siemens Simatic Pcs 7 Ipc627c Firmware | <6.2.61.3535 | |
| Siemens Simatic Pcs 7 Ipc627c Firmware | ||
| All of | ||
| Siemens Simatic Pcs 7 | <6.2.61.3535 | |
| Siemens Simatic Pcs 7 | ||
| All of | ||
| Siemens Simatic Pcs 7 Ipc647c | <6.2.61.3535 | |
| Siemens Simatic Pcs 7 Ipc647c Firmware | ||
| All of | ||
| Siemens Simatic Pcs 7 Ipc647d Firmware | <9.1.41.3024 | |
| Siemens Simatic Pcs 7 Ipc647d Firmware | ||
| All of | ||
| Siemens Simatic Pcs 7 Ipc847c | <6.2.61.3535 | |
| Siemens Simatic PCS 7 IPC847C Firmware | ||
| All of | ||
| Siemens Simatic Pcs 7 Ipc847d | <9.1.41.3024 | |
| Siemens Simatic Pcs 7 Ipc847d Firmware | ||
| All of | ||
| Siemens Simatic Pcs 7 Ipc427e | ||
| Siemens Simatic Pcs 7 Ipc427e | ||
| All of | ||
| Siemens Simatic PCS 7 IPC477D Firmware | ||
| Siemens Simatic PCS 7 IPC477D Firmware | ||
| All of | ||
| Siemens Simatic IPC427D | ||
| Siemens Simatic IPC427D | ||
| All of | ||
| Siemens Simatic IPC427E Firmware | <21.01.05 | |
| Siemens Simatic IPC427E Firmware | ||
| All of | ||
| Siemens SIMOTION P320-4 S | <17.02.06.83.1 | |
| Siemens Simotion | ||
| All of | ||
| Siemens Sinumerik PCU 50.5 Firmware | <6.2.61.3535 | |
| Siemens Sinumerik PCU Base | ||
| All of | ||
| =5.0 | ||
| All of | ||
| <9.1.41.3024 | ||
| All of | ||
| <9.1.41.3024 | ||
| All of | ||
| <6.2.61.3535 | ||
| All of | ||
| <9.1.41.3024 | ||
| All of | ||
| <6.2.61.3535 | ||
| All of | ||
| <9.1.41.3024 | ||
| All of | ||
| <6.2.61.3535 | ||
| All of | ||
| <9.1.41.3024 | ||
| All of | ||
| <6.2.61.3535 | ||
| All of | ||
| <9.1.41.3024 | ||
| All of | ||
| <6.2.61.3535 | ||
| All of | ||
| <11.0.26.3000 | ||
| All of | ||
| <9.1.41.3024 | ||
| All of | ||
| <7.1.91.3272 | ||
| All of | ||
| <21.01.05 | ||
| All of | ||
| Any of | ||
| All of | ||
| <6.2.61.3535 | ||
| All of | ||
| <18.01.06 | ||
| All of | ||
| <22.01.03 | ||
| All of | ||
| <21.01.04 | ||
| All of | ||
| <7.1.91.3272 | ||
| All of | ||
| <9.1.41.3024 | ||
| All of | ||
| <11.0.26.3000 | ||
| All of | ||
| <6.2.61.3535 | ||
| All of | ||
| <6.2.61.3535 | ||
| All of | ||
| <6.2.61.3535 | ||
| All of | ||
| <9.1.41.3024 | ||
| All of | ||
| <6.2.61.3535 | ||
| All of | ||
| <9.1.41.3024 | ||
| All of | ||
| All of | ||
| All of | ||
| All of | ||
| <21.01.05 | ||
| All of | ||
| <17.02.06.83.1 | ||
| All of | ||
| <6.2.61.3535 | ||
| =6.0 | ||
| =6.1 | ||
| =6.2 | ||
| =7.0 | ||
| =7.1 | ||
| =8.0 | ||
| =8.1 | ||
| =9.0 | ||
| =9.1 | ||
| =9.5 | ||
| =10.0 | ||
| =11.0 | ||
| =11.5 | ||
| =11.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.securityfocus.com/bid/98269
- http://www.securitytracker.com/id/1038385
- https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf
- https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
- https://security.netapp.com/advisory/ntap-20170509-0001/
- https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
- https://www.embedi.com/news/mythbusters-cve-2017-5689
- https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2017-5689
Frequently Asked Questions
What is the severity of CVE-2017-5689?
CVE-2017-5689 is rated as critical due to its potential to allow an unprivileged network attacker to gain elevated privileges.
How do I fix CVE-2017-5689?
To remediate CVE-2017-5689, it is recommended to update to the latest firmware version of Intel Active Management Technology.
What products are affected by CVE-2017-5689?
CVE-2017-5689 affects several versions of Intel Active Management Technology Firmware, including versions 6.0 to 11.6.
What type of attacker can exploit CVE-2017-5689?
CVE-2017-5689 can be exploited by both unprivileged network and local attackers.
Are there any workarounds for CVE-2017-5689?
Currently, the primary mitigation for CVE-2017-5689 is to apply the available firmware updates from Intel.
- agent/type
- agent/remedy
- agent/description
- agent/title
- agent/severity
- agent/references
- agent/author
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/first-publish-date
- agent/weakness
- agent/event
- collector/nvd-index
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- vendor/intel
- canonical/intel standard manageability
- canonical/intel active management technology
- version/intel active management technology/6.0
- version/intel active management technology/6.1
- version/intel active management technology/6.2
- version/intel active management technology/7.0
- version/intel active management technology/7.1
- version/intel active management technology/8.0
- version/intel active management technology/8.1
- version/intel active management technology/9.0
- version/intel active management technology/9.1
- version/intel active management technology/9.5
- version/intel active management technology/10.0
- version/intel active management technology/11.0
- version/intel active management technology/11.5
- version/intel active management technology/11.6
- vendor/hpe
- canonical/hpe proliant ml10 gen9 server firmware
- version/hpe proliant ml10 gen9 server firmware/5.0
- canonical/hp proliant ml10 gen9 server
- vendor/siemens
- canonical/siemens simatic itp1000
- canonical/siemens simatic itp1000 firmware
- canonical/siemens simatic ipc847d firmware
- canonical/siemens simatic ipc series firmware
- canonical/siemens simatic ipc847c firmware
- canonical/siemens simatic ipc827d
- canonical/siemens simatic ipc827d firmware
- canonical/siemens simatic ipc827c
- canonical/siemens simatic ipc827c firmware
- canonical/siemens simatic ipc677d firmware
- canonical/siemens simatic ipc677c
- canonical/siemens simatic ipc677c firmware
- canonical/siemens simatic ipc647d
- canonical/siemens simatic ipc647d firmware
- canonical/siemens simatic ipc647c
- canonical/siemens simatic ipc647c firmware
- canonical/siemens simatic ipc firmware
- canonical/siemens simatic ipc627d firmware
- canonical/siemens simatic ipc627c
- canonical/siemens simatic ipc547g
- canonical/siemens simatic ipc547g firmware
- canonical/siemens simatic ipc547e
- canonical/siemens simatic pcs 7 ipc547e
- canonical/siemens simatic ipc547d firmware
- canonical/siemens simatic ipc477e firmware
- canonical/siemens simatic pcs 7 ipc477d firmware
- canonical/siemens simatic ipc477d firmware
- canonical/siemens simatic field pg m3
- canonical/siemens simatic field pg m3 firmware
- canonical/siemens simatic field pg m4 firmware
- canonical/siemens simatic field pg m4
- canonical/siemens simatic field pg m5
- canonical/siemens simatic pcs 7 ipc427e
- canonical/siemens simatic pcs 7 ipc547d firmware
- canonical/siemens simatic pcs 7 ipc547e firmware
- canonical/siemens simatic pcs 7 ipc547g firmware
- canonical/siemens simatic pcs 7 ipc627c firmware
- canonical/siemens simatic pcs 7
- canonical/siemens simatic pcs 7 ipc647c
- canonical/siemens simatic pcs 7 ipc647c firmware
- canonical/siemens simatic pcs 7 ipc647d firmware
- canonical/siemens simatic pcs 7 ipc847c
- canonical/siemens simatic pcs 7 ipc847c firmware
- canonical/siemens simatic pcs 7 ipc847d
- canonical/siemens simatic pcs 7 ipc847d firmware
- canonical/siemens simatic ipc427d
- canonical/siemens simatic ipc427e firmware
- canonical/siemens simotion p320-4 s
- canonical/siemens simotion
- canonical/siemens sinumerik pcu 50.5 firmware
- canonical/siemens sinumerik pcu base