CVE-2017-5689
Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Un atacante de red sin privilegios podría alcanzar privilegios del sistema para aprovisionar SKUs de administrabilidad Intel: Intel Active Management Technology (AMT) e Intel Standard Manageability (ISM). Un atacante local sin privilegios podría aprovisionar características de administrabilidad alcanzando privilegios de red o sistema local no privilegiados en SKUs de administrabilidad de Intel: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) e Intel Small Business Technology (SBT).
Intel products contain a vulnerability which can allow attackers to perform privilege escalation.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-02-01 CVE Reserved
- 2017-05-02 CVE Published
- 2017-05-04 First Exploit
- 2022-01-28 Exploited in Wild
- 2022-07-28 KEV Due Date
- 2024-08-05 CVE Updated
- 2024-10-12 EPSS Updated
CWE
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/98269 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038385 | Third Party Advisory | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf | Third Party Advisory |
|
| https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf | Broken Link | |
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20170509-0001 | Third Party Advisory |
|
| https://www.embedi.com/news/mythbusters-cve-2017-5689 | Third Party Advisory | |
| https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability | Technical Description |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/43385 | 2017-05-10 | |
| https://github.com/CerberusSecurity/CVE-2017-5689 | 2017-05-04 | |
| https://github.com/TheWay-hue/CVE-2017-5689-Checker | 2021-07-14 | |
| https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf | 2024-08-05 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 6.0 Search vendor "Intel" for product "Active Management Technology Firmware" and version "6.0" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 6.1 Search vendor "Intel" for product "Active Management Technology Firmware" and version "6.1" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 6.2 Search vendor "Intel" for product "Active Management Technology Firmware" and version "6.2" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 7.0 Search vendor "Intel" for product "Active Management Technology Firmware" and version "7.0" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 7.1 Search vendor "Intel" for product "Active Management Technology Firmware" and version "7.1" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 8.0 Search vendor "Intel" for product "Active Management Technology Firmware" and version "8.0" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 8.1 Search vendor "Intel" for product "Active Management Technology Firmware" and version "8.1" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 9.0 Search vendor "Intel" for product "Active Management Technology Firmware" and version "9.0" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 9.1 Search vendor "Intel" for product "Active Management Technology Firmware" and version "9.1" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 9.5 Search vendor "Intel" for product "Active Management Technology Firmware" and version "9.5" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 10.0 Search vendor "Intel" for product "Active Management Technology Firmware" and version "10.0" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 11.0 Search vendor "Intel" for product "Active Management Technology Firmware" and version "11.0" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 11.5 Search vendor "Intel" for product "Active Management Technology Firmware" and version "11.5" | - |
Affected
| ||||||
| Intel Search vendor "Intel" | Active Management Technology Firmware Search vendor "Intel" for product "Active Management Technology Firmware" | 11.6 Search vendor "Intel" for product "Active Management Technology Firmware" and version "11.6" | - |
Affected
| ||||||