CVE-2017-5712
high-risk
Published 2017-11-21
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.
Do I need to act?
~
2.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Manageability Engine Firmware
Manageability Engine Firmware
Manageability Engine Firmware
Z170-Premium Firmware
Z170-Pro Firmware
Z170-A Firmware
Z170-K Firmware
Z170-P Firmware
Z170M-Plus Firmware
Z170-P D3 Firmware
Sabertooth Z170 Mark 1 Firmware
Sabertooth Z170 S Firmware
Rog Maximus Viii Extreme Firmware
Rog Maximus Viii Ranger Firmware
Rog Maximus Viii Formula Firmware
Rog Maximus Viii Hero Alpha Firmware
Rog Maximus Viii Impact Firmware
Z170I Pro Gaming Firmware
Z170 Pro Gaming Firmware
Z170 Pro Gaming\/Aura Firmware
References (12)
Third Party Advisory
http://www.securityfocus.com/bid/101920
Issue Tracking
http://www.securitytracker.com/id/1039852
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
Issue Tracking
https://security.netapp.com/advisory/ntap-20171120-0001/
Third Party Advisory
https://www.asus.com/News/wzeltG5CjYaIwGJ0
Third Party Advisory
http://www.securityfocus.com/bid/101920
Issue Tracking
http://www.securitytracker.com/id/1039852
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
Issue Tracking
https://security.netapp.com/advisory/ntap-20171120-0001/
Third Party Advisory
https://www.asus.com/News/wzeltG5CjYaIwGJ0
65
/ 100
high-risk
Severity
26/34 · High
Exploitability
6/34 · Minimal
Exposure
33/34 · Critical