CVE-2017-5689 is a vulnerability in Intel Active Management Technology Firmware
Published on May 2, 2017
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Known Exploited Vulnerability
This Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageabilit vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Intel products contain a vulnerability which can allow attackers to perform privilege escalation.
The following remediation steps are recommended / required by July 28, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2017-5689 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Products Associated with CVE-2017-5689
You can be notified by stack.watch whenever vulnerabilities like CVE-2017-5689 are published in these products:
What versions of Active Management Technology Firmware are vulnerable to CVE-2017-5689?
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
Each of the following must match for the vulnerability to exist.
-
Intel Active Management Technology Firmware
Version 9.1
-
Intel Active Management Technology Firmware
Version 10.0
-
Intel Active Management Technology Firmware
Version 7.0
-
Intel Active Management Technology Firmware
Version 8.1
-
Intel Active Management Technology Firmware
Version 6.2
-
Intel Active Management Technology Firmware
Version 11.5
-
Intel Active Management Technology Firmware
Version 9.0
-
Intel Active Management Technology Firmware
Version 6.1
-
Intel Active Management Technology Firmware
Version 9.5
-
Intel Active Management Technology Firmware
Version 8.0
-
Intel Active Management Technology Firmware
Version 11.0
-
Intel Active Management Technology Firmware
Version 11.6
-
Intel Active Management Technology Firmware
Version 6.0
-
Intel Active Management Technology Firmware
Version 7.1