First published: Wed Jun 14 2017(Updated: )
Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page.
Credit: secure@intel.com
Affected Software | Affected Version | How to fix |
---|---|---|
Intel Active Management Technology | >=9.1<9.1.40.1000 | |
Intel Active Management Technology | >=9.5<9.5.60.1952 | |
Intel Active Management Technology | >=10.0<10.0.50.1004 | |
Intel Active Management Technology | >=11.0<11.0.0.1205 | |
Intel Active Management Technology | >=11.6<11.6.25.1129 | |
Intel Active Management Technology | =9.1 | |
Intel Active Management Technology | =9.5 | |
Intel Active Management Technology | =10.0 | |
Intel Active Management Technology | =11.0 | |
Intel Active Management Technology | =11.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-5697 is rated as medium severity due to its potential to allow clickjacking attacks.
To fix CVE-2017-5697, update to Intel Active Management Technology firmware versions 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, or 11.6.25.1129.
CVE-2017-5697 exploits insufficient clickjacking protection in the Intel AMT web interface.
Intel Active Management Technology firmware versions prior to 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 are affected by CVE-2017-5697.
Users of vulnerable Intel AMT firmware may be at risk from CVE-2017-5697 due to potential clickjacking attacks.