{ "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2017-5689", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel Active Mangement Technology, Intel Small Business Technology, Intel Standard Manageability", "version": { "version_data": [ { "version_value": "fixed in versions 6.2.61.3535, 7.1.91.3272, 8.1.71.3608, 9.1.41.3024, 10.0.55.3000, 11.0.25.3001, and 11.6.27.3264 and later" } ] } } ] }, "vendor_name": "Intel Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Escalation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability", "refsource": "MISC", "url": "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability" }, { "name": "https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf", "refsource": "CONFIRM", "url": "https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf" }, { "name": "98269", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98269" }, { "name": "1038385", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038385" }, { "name": "https://security.netapp.com/advisory/ntap-20170509-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20170509-0001/" }, { "name": "https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf", "refsource": "MISC", "url": "https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf" }, { "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr", "refsource": "CONFIRM", "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr" }, { "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "https://www.embedi.com/news/mythbusters-cve-2017-5689", "refsource": "MISC", "url": "https://www.embedi.com/news/mythbusters-cve-2017-5689" }, { "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf" } ] } }