CVE-2017-5711
high-risk
Published 2017-11-21
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
Do I need to act?
-
0.15% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (20)
Manageability Engine Firmware
Manageability Engine Firmware
Manageability Engine Firmware
Z170-Premium Firmware
Z170-Pro Firmware
Z170-A Firmware
Z170-K Firmware
Z170-P Firmware
Z170M-Plus Firmware
Z170-P D3 Firmware
Sabertooth Z170 Mark 1 Firmware
Sabertooth Z170 S Firmware
Rog Maximus Viii Extreme Firmware
Rog Maximus Viii Ranger Firmware
Rog Maximus Viii Formula Firmware
Rog Maximus Viii Hero Alpha Firmware
Rog Maximus Viii Impact Firmware
Z170I Pro Gaming Firmware
Z170 Pro Gaming Firmware
Z170 Pro Gaming\/Aura Firmware
References (12)
Broken Link
http://www.securityfocus.com/bid/101918
Issue Tracking
http://www.securitytracker.com/id/1039852
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
Issue Tracking
https://security.netapp.com/advisory/ntap-20171120-0001/
Third Party Advisory
https://www.asus.com/News/wzeltG5CjYaIwGJ0
Broken Link
http://www.securityfocus.com/bid/101918
Issue Tracking
http://www.securitytracker.com/id/1039852
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
Issue Tracking
https://security.netapp.com/advisory/ntap-20171120-0001/
Third Party Advisory
https://www.asus.com/News/wzeltG5CjYaIwGJ0
58
/ 100
high-risk
Severity
24/34 · High
Exploitability
1/34 · Minimal
Exposure
33/34 · Critical