CVE-2017-5697

Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
intelCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
intelactive_management_technology_firmware
9.1 ≤
𝑥
< 9.1.40.1000
intelactive_management_technology_firmware
9.5 ≤
𝑥
< 9.5.60.1952
intelactive_management_technology_firmware
10.0 ≤
𝑥
< 10.0.50.1004
intelactive_management_technology_firmware
11.0 ≤
𝑥
< 11.0.0.1205
intelactive_management_technology_firmware
11.6 ≤
𝑥
< 11.6.25.1129
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00081&languageid=en-fr
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00081&languageid=en-fr