10
CVE-2017-5689
- EPSS 92.19%
- Veröffentlicht 02.05.2017 14:59:00
- Zuletzt bearbeitet 22.04.2026 16:06:47
- Quelle secure@intel.com
- CVE-Watchlists
- Unerledigt
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hpe ≫ Proliant Ml10 Gen9 Server Firmware Version5.0
Siemens ≫ Simatic Itp1000 Firmware Version < 9.1.41.3024
Siemens ≫ Simatic Ipc847d Firmware Version < 9.1.41.3024
Siemens ≫ Simatic Ipc847c Firmware Version < 6.2.61.3535
Siemens ≫ Simatic Ipc827d Firmware Version < 9.1.41.3024
Siemens ≫ Simatic Ipc827c Firmware Version < 6.2.61.3535
Siemens ≫ Simatic Ipc677d Firmware Version < 9.1.41.3024
Siemens ≫ Simatic Ipc677c Firmware Version < 6.2.61.3535
Siemens ≫ Simatic Ipc647d Firmware Version < 9.1.41.3024
Siemens ≫ Simatic Ipc647c Firmware Version < 6.2.61.3535
Siemens ≫ Simatic Ipc627d Firmware Version < 9.1.41.3024
Siemens ≫ Simatic Ipc627c Firmware Version < 6.2.61.3535
Siemens ≫ Simatic Ipc547g Firmware Version < 11.0.26.3000
Siemens ≫ Simatic Ipc547e Firmware Version < 9.1.41.3024
Siemens ≫ Simatic Ipc547d Firmware Version < 7.1.91.3272
Siemens ≫ Simatic Ipc477e Firmware Version < 21.01.05
Siemens ≫ Simatic Ipc477d Firmware Version- SwEdition-
Siemens ≫ Simatic Ipc477d Firmware Version- SwEditionpro
Siemens ≫ Simatic Field Pg M3 Firmware Version < 6.2.61.3535
Siemens ≫ Simatic Field Pg M4 Firmware Version < 18.01.06
Siemens ≫ Simatic Field Pg M5 Firmware Version < 22.01.03
Siemens ≫ Simatic Ipc627d Firmware Version < 9.1.41.3024
Siemens ≫ Simatic Ipc677d Firmware Version < 9.1.41.3024
Siemens ≫ Simatic Pcs 7 Ipc427e Firmware Version < 21.01.04
Siemens ≫ Simatic Pcs 7 Ipc547d Firmware Version < 7.1.91.3272
Siemens ≫ Simatic Pcs 7 Ipc547e Firmware Version < 9.1.41.3024
Siemens ≫ Simatic Pcs 7 Ipc547g Firmware Version < 11.0.26.3000
Siemens ≫ Simatic Pcs 7 Ipc627c Firmware Version < 6.2.61.3535
Siemens ≫ Simatic Pcs 7 Ipc677c Firmware Version < 6.2.61.3535
Siemens ≫ Simatic Pcs 7 Ipc647c Firmware Version < 6.2.61.3535
Siemens ≫ Simatic Pcs 7 Ipc647d Firmware Version < 9.1.41.3024
Siemens ≫ Simatic Pcs 7 Ipc847c Firmware Version < 6.2.61.3535
Siemens ≫ Simatic Pcs 7 Ipc847d Firmware Version < 9.1.41.3024
Siemens ≫ Simatic Pcs 7 Ipc427e Firmware Version-
Siemens ≫ Simatic Pcs 7 Ipc547g Firmware Version < 11.0.26.3000
Siemens ≫ Simatic Pcs 7 Ipc477d Firmware Version-
Siemens ≫ Simatic Ipc427d Firmware Version-
Siemens ≫ Simatic Ipc427e Firmware Version < 21.01.05
Siemens ≫ Simotion P320-4 S Firmware Version < 17.02.06.83.1
Siemens ≫ Sinumerik Pcu50.5-p Firmware Version < 6.2.61.3535
Intel ≫ Active Management Technology Firmware Version6.0
Intel ≫ Active Management Technology Firmware Version6.1
Intel ≫ Active Management Technology Firmware Version6.2
Intel ≫ Active Management Technology Firmware Version7.0
Intel ≫ Active Management Technology Firmware Version7.1
Intel ≫ Active Management Technology Firmware Version8.0
Intel ≫ Active Management Technology Firmware Version8.1
Intel ≫ Active Management Technology Firmware Version9.0
Intel ≫ Active Management Technology Firmware Version9.1
Intel ≫ Active Management Technology Firmware Version9.5
Intel ≫ Active Management Technology Firmware Version10.0
Intel ≫ Active Management Technology Firmware Version11.0
Intel ≫ Active Management Technology Firmware Version11.5
Intel ≫ Active Management Technology Firmware Version11.6
28.01.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability
SchwachstelleIntel products contain a vulnerability which can allow attackers to perform privilege escalation.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 92.19% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securityfocus.com/bid/98269
http://www.securitytracker.com/id/1038385
https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf
https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
https://security.netapp.com/advisory/ntap-20170509-0001/
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
https://www.embedi.com/news/mythbusters-cve-2017-5689
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5689