CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-5708
https://notcve.org/view.php?id=CVE-2017-5708
Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector. Múltiples escalados de privilegios en el kernel en Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 permiten que un proceso no autorizado acceda a contenidos privilegiados mediante un vector no especificado. • http://www.securityfocus.com/bid/101921 http://www.securitytracker.com/id/1039852 https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr https://security.netapp.com/advisory/ntap-20171120-0001 https://www.asus.com/News/wzeltG5CjYaIwGJ0 https://www.synology.com/support/security/Synology_SA_17_73 •
CVSS: 9.0EPSS: 1%CPEs: 402EXPL: 0CVE-2017-5712
https://notcve.org/view.php?id=CVE-2017-5712
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege. Desbordamiento de búfer en el kernel en Active Management Technology (AMT) en Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 permite que un atacante con acceso local al sistema ejecute código arbitrario con el privilegio de ejecución AMT. • http://www.securityfocus.com/bid/101920 http://www.securitytracker.com/id/1039852 https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr https://security.netapp.com/advisory/ntap-20171120-0001 https://www.asus.com/News/wzeltG5CjYaIwGJ0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2017-5698
https://notcve.org/view.php?id=CVE-2017-5698
Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges. El sistema anti-rollback de Intel Active Management Technology, Intel Standard Manageability e Intel Small Business Technology en sus versiones 11.0.25.3001 y 11.0.26.3000 no evita que se actualice el firmware a la versión 11.6.x.1xxx, la cual es vulnerable a CVE-2017-5689. Esto puede llevarlo a cabo un usuario local con privilegios de administrador. • https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr •