CVE-2017-5689

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
intelCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
hpeproliant_ml10_gen9_server_firmware
5.0
siemenssimatic_itp1000_firmware
𝑥
< 9.1.41.3024
siemenssimatic_ipc847d_firmware
𝑥
< 9.1.41.3024
siemenssimatic_ipc847c_firmware
𝑥
< 6.2.61.3535
siemenssimatic_ipc827d_firmware
𝑥
< 9.1.41.3024
siemenssimatic_ipc827c_firmware
𝑥
< 6.2.61.3535
siemenssimatic_ipc677d_firmware
𝑥
< 9.1.41.3024
siemenssimatic_ipc677c_firmware
𝑥
< 6.2.61.3535
siemenssimatic_ipc647d_firmware
𝑥
< 9.1.41.3024
siemenssimatic_ipc647c_firmware
𝑥
< 6.2.61.3535
siemenssimatic_ipc627d_firmware
𝑥
< 9.1.41.3024
siemenssimatic_ipc627c_firmware
𝑥
< 6.2.61.3535
siemenssimatic_ipc547g_firmware
𝑥
< 11.0.26.3000
siemenssimatic_ipc547e_firmware
𝑥
< 9.1.41.3024
siemenssimatic_ipc547d_firmware
𝑥
< 7.1.91.3272
siemenssimatic_ipc477e_firmware
𝑥
< 21.01.05
siemenssimatic_ipc477d_firmware
-
siemenssimatic_ipc477d_firmware
-
siemenssimatic_field_pg_m3_firmware
𝑥
< 6.2.61.3535
siemenssimatic_field_pg_m4_firmware
𝑥
< 18.01.06
siemenssimatic_field_pg_m5_firmware
𝑥
< 22.01.03
siemenssimatic_ipc627d_firmware
𝑥
< 9.1.41.3024
siemenssimatic_ipc677d_firmware
𝑥
< 9.1.41.3024
siemenssimatic_pcs_7_ipc427e_firmware
𝑥
< 21.01.04
siemenssimatic_pcs_7_ipc547d_firmware
𝑥
< 7.1.91.3272
siemenssimatic_pcs_7_ipc547e_firmware
𝑥
< 9.1.41.3024
siemenssimatic_pcs_7_ipc547g_firmware
𝑥
< 11.0.26.3000
siemenssimatic_pcs_7_ipc627c_firmware
𝑥
< 6.2.61.3535
siemenssimatic_pcs_7_ipc677c_firmware
𝑥
< 6.2.61.3535
siemenssimatic_pcs_7_ipc647c_firmware
𝑥
< 6.2.61.3535
siemenssimatic_pcs_7_ipc647d_firmware
𝑥
< 9.1.41.3024
siemenssimatic_pcs_7_ipc847c_firmware
𝑥
< 6.2.61.3535
siemenssimatic_pcs_7_ipc847d_firmware
𝑥
< 9.1.41.3024
siemenssimatic_pcs_7_ipc427e_firmware
-
siemenssimatic_pcs_7_ipc547g_firmware
𝑥
< 11.0.26.3000
siemenssimatic_pcs_7_ipc477d_firmware
-
siemenssimatic_ipc427d_firmware
-
siemenssimatic_ipc427e_firmware
𝑥
< 21.01.05
siemenssimotion_p320-4_s_firmware
𝑥
< 17.02.06.83.1
siemenssinumerik_pcu50.5-p_firmware
𝑥
< 6.2.61.3535
intelactive_management_technology_firmware
6.0
intelactive_management_technology_firmware
6.1
intelactive_management_technology_firmware
6.2
intelactive_management_technology_firmware
7.0
intelactive_management_technology_firmware
7.1
intelactive_management_technology_firmware
8.0
intelactive_management_technology_firmware
8.1
intelactive_management_technology_firmware
9.0
intelactive_management_technology_firmware
9.1
intelactive_management_technology_firmware
9.5
intelactive_management_technology_firmware
10.0
intelactive_management_technology_firmware
11.0
intelactive_management_technology_firmware
11.5
intelactive_management_technology_firmware
11.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securityfocus.com/bid/98269
http://www.securitytracker.com/id/1038385
https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf
https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
https://security.netapp.com/advisory/ntap-20170509-0001/
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
https://www.embedi.com/news/mythbusters-cve-2017-5689
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.securityfocus.com/bid/98269
http://www.securitytracker.com/id/1038385
https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf
https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
https://security.netapp.com/advisory/ntap-20170509-0001/
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
https://www.embedi.com/news/mythbusters-cve-2017-5689
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability