⚠ Actively exploited
Added to CISA KEV on 2022-01-28. Federal agencies required to patch by 2022-07-28. Required action: Apply updates per vendor instructions..
CVE-2017-5689 — Improper Privilege Management in Intel Active Management Technology Firmware
Severity
9.8CRITICALNVD
EPSS
94.2%
top 0.08%
CISA KEV
KEV
Added 2022-01-28
Due 2022-07-28
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMay 2
KEV addedJan 28
Latest updateMay 13
KEV dueJul 28
CISA Required Action: Apply updates per vendor instructions.
Description
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages33 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-v6j9-wwcx-4984: An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and In↗2022-05-13
CVEList▶
CVE-2017-5689: An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and In↗2017-05-02
VulnCheck▶
Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability↗2017