CVE-2017-5689 Detail Current Description An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

View Analysis Description Analysis Description An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). Severity CVSS Version 3.x CVSS Version 2.0



CVSS 3.x Severity and Metrics:

NIST: NVD Base Score: 9.8 CRITICAL Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS 2.0 Severity and Metrics:



NIST: NVD Base Score: 10.0 HIGH Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) Weakness Enumeration CWE-ID CWE Name Source NVD-CWE-noinfo Insufficient Information NIST Known Affected Software Configurations Switch to CPE 2.2 CPEs loading, please wait. Denotes Vulnerable Software

Are we missing a CPE here? Please let us know.

Change History 10 change records found show changes Modified Analysis 2/18/2020 12:12:15 PM Action Type Old Value New Value Removed CVSS V3 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H



Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H



Changed Reference Type http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html No Types Assigned



http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Patch, Third Party Advisory



Changed Reference Type http://www.securitytracker.com/id/1038385 No Types Assigned



http://www.securitytracker.com/id/1038385 Third Party Advisory, VDB Entry



Changed Reference Type https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf No Types Assigned



https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf Third Party Advisory



Changed Reference Type https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us No Types Assigned



https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us Third Party Advisory



Changed Reference Type https://security.netapp.com/advisory/ntap-20170509-0001/ No Types Assigned



https://security.netapp.com/advisory/ntap-20170509-0001/ Third Party Advisory



CVE Modified by MITRE 2/10/2020 10:15:21 AM Action Type Old Value New Value Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf [No Types Assigned]



CWE Remap 10/02/2019 8:3:26 PM Action Type Old Value New Value Changed CWE CWE-264



NVD-CWE-noinfo



CVE Modified by MITRE 11/09/2017 9:29:20 PM Action Type Old Value New Value Added Reference https://security.netapp.com/advisory/ntap-20170509-0001/ [No Types Assigned]



CVE Modified by MITRE 8/08/2017 9:29:08 PM Action Type Old Value New Value Added Reference http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html [No Types Assigned]



CVE Modified by MITRE 7/10/2017 9:33:45 PM Action Type Old Value New Value Added Reference http://www.securitytracker.com/id/1038385 [No Types Assigned]



CVE Modified by MITRE 5/29/2017 9:29:00 PM Action Type Old Value New Value Added Reference https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us [No Types Assigned]



Initial Analysis 5/17/2017 12:27:53 PM Action Type Old Value New Value Added CPE Configuration Record truncated, showing 500 of 1098 characters.

View Entire Change Record

OR *cpe:2.3:o:intel:active_management_technology_firmware:6.0:*:*:*:*:*:*:* *cpe:2.3:o:intel:active_management_technology_firmware:6.1:*:*:*:*:*:*:* *cpe:2.3:o:intel:active_management_technology_firmware:6.2:*:*:*:*:*:*:* *cpe:2.3:o:intel:active_management_technology_firmware:7.0:*:*:*:*:*:*:* *cpe:2.3:o:intel:active_management_technology_firmware:7.1:*:*:*:*:*:*:* *cpe:2.3:o:intel:active_management_technology_firmware:8.0:*:*:*:*:*:*:* *cpe:2.3:o:intel:active_ Added CVSS V2 (AV:N/AC:L/Au:N/C:C/I:C/A:C)



Added CVSS V3 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H



Added CWE CWE-264



Changed Reference Type http://www.securityfocus.com/bid/98269 No Types Assigned



http://www.securityfocus.com/bid/98269 Third Party Advisory, VDB Entry



Changed Reference Type https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf No Types Assigned



https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf Broken Link



Changed Reference Type https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr No Types Assigned



https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr Patch, Vendor Advisory



Changed Reference Type https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf No Types Assigned



https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf Exploit, Technical Description, Third Party Advisory



Changed Reference Type https://www.embedi.com/news/mythbusters-cve-2017-5689 No Types Assigned



https://www.embedi.com/news/mythbusters-cve-2017-5689 Third Party Advisory



Changed Reference Type https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability No Types Assigned



https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability Technical Description, Third Party Advisory



CVE Modified by MITRE 5/06/2017 9:29:00 PM Action Type Old Value New Value Added Reference https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf [No Types Assigned]



Added Reference https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf [No Types Assigned]



Added Reference https://www.embedi.com/news/mythbusters-cve-2017-5689 [No Types Assigned]



Added Reference https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability [No Types Assigned]



CVE Modified by MITRE 5/04/2017 9:29:00 PM Action Type Old Value New Value Added Reference http://www.securityfocus.com/bid/98269 [No Types Assigned]



Quick Info CVE Dictionary Entry:

CVE-2017-5689

NVD Published Date:

05/02/2017

NVD Last Modified:

02/18/2020

Source:

MITRE

