An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since Jan. 28, 2022.

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Intel
  • Active Management Technology Firmware

Configuration 1 [-]

OR cpe:2.3:o:intel:active_management_technology_firmware:6.0:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:6.1:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:6.2:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:7.0:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:7.1:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:8.0:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:8.1:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:9.0:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:9.1:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:9.5:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:10.0:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:11.0:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:11.5:*:*:*:*:*:*:*
cpe:2.3:o:intel:active_management_technology_firmware:11.6:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html cve-icon cve-icon
http://www.securityfocus.com/bid/98269 cve-icon cve-icon
http://www.securitytracker.com/id/1038385 cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf cve-icon cve-icon
https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf cve-icon cve-icon
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us cve-icon cve-icon
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20170509-0001/ cve-icon cve-icon
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf cve-icon cve-icon
https://www.embedi.com/news/mythbusters-cve-2017-5689 cve-icon cve-icon
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability cve-icon cve-icon
History

Fri, 07 Feb 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
Metrics kev

{'dateAdded': '2022-01-28'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: intel

Published: 2017-05-02T14:00:00.000Z

Updated: 2025-02-07T13:44:05.635Z

Reserved: 2017-02-01T00:00:00.000Z

Link: CVE-2017-5689

cve-icon Vulnrichment

Updated: 2024-08-05T15:11:48.401Z

cve-icon NVD

Status : Modified

Published: 2017-05-02T14:59:00.520

Modified: 2025-02-07T14:15:42.800

Link: CVE-2017-5689

cve-icon Redhat

No data.