CVE-2017-5689: Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability
First published: Tue May 02 2017(Updated: )
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Credit: secure@intel.com secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Active Management Technology Firmware | =6.0 | |
| Intel Active Management Technology Firmware | =6.1 | |
| Intel Active Management Technology Firmware | =6.2 | |
| Intel Active Management Technology Firmware | =7.0 | |
| Intel Active Management Technology Firmware | =7.1 | |
| Intel Active Management Technology Firmware | =8.0 | |
| Intel Active Management Technology Firmware | =8.1 | |
| Intel Active Management Technology Firmware | =9.0 | |
| Intel Active Management Technology Firmware | =9.1 | |
| Intel Active Management Technology Firmware | =9.5 | |
| Intel Active Management Technology Firmware | =10.0 | |
| Intel Active Management Technology Firmware | =11.0 | |
| Intel Active Management Technology Firmware | =11.5 | |
| Intel Active Management Technology Firmware | =11.6 | |
| Intel Standard Manageability | ||
| =6.0 | ||
| =6.1 | ||
| =6.2 | ||
| =7.0 | ||
| =7.1 | ||
| =8.0 | ||
| =8.1 | ||
| =9.0 | ||
| =9.1 | ||
| =9.5 | ||
| =10.0 | ||
| =11.0 | ||
| =11.5 | ||
| =11.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.securityfocus.com/bid/98269
- http://www.securitytracker.com/id/1038385
- https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf
- https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
- https://security.netapp.com/advisory/ntap-20170509-0001/
- https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
- https://www.embedi.com/news/mythbusters-cve-2017-5689
- https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2017-5689
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/softwarecombine
- agent/description
- agent/title
- agent/severity
- agent/event
- agent/references
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/source
- collector/nvd-api
- agent/last-modified-date
- agent/tags
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup-request
- vendor/intel
- canonical/intel active management technology firmware
- version/intel active management technology firmware/6.0
- version/intel active management technology firmware/6.1
- version/intel active management technology firmware/6.2
- version/intel active management technology firmware/7.0
- version/intel active management technology firmware/7.1
- version/intel active management technology firmware/8.0
- version/intel active management technology firmware/8.1
- version/intel active management technology firmware/9.0
- version/intel active management technology firmware/9.1
- version/intel active management technology firmware/9.5
- version/intel active management technology firmware/10.0
- version/intel active management technology firmware/11.0
- version/intel active management technology firmware/11.5
- version/intel active management technology firmware/11.6
- canonical/intel standard manageability