CVE-2017-5689
critical-risk
Published 2017-05-02
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Do I need to act?
!
94.2% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
References (23)
Broken Link
http://www.securityfocus.com/bid/98269
Broken Link
http://www.securitytracker.com/id/1038385
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na...
Third Party Advisory
https://security.netapp.com/advisory/ntap-20170509-0001/
Technical Description
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
Broken Link
http://www.securityfocus.com/bid/98269
Broken Link
http://www.securitytracker.com/id/1038385
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf
Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na...
Third Party Advisory
https://security.netapp.com/advisory/ntap-20170509-0001/
and 3 more references
85
/ 100
critical-risk
Severity
32/34 · Critical
Exploitability
27/34 · High
Exposure
26/34 · High