CVE-2017-5697 — UI Misrepresentation / Clickjacking in Intel Active Management Technology Firmware

CWE-1021 — UI Misrepresentation / Clickjacking CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 56.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Active Management Technology Firmware Intel Corporation Active Mangement Technology

Timeline

PublishedJun 14

Latest updateFeb 28

Description

Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDintel/active_management_technology_firmware9.1 — 9.1.40.1000+4

▶CVEListV5intel_corporation/active_mangement_technologybefore 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129

🔴Vulnerability Details

OSV

Ruby SAML vulnerabilities↗2025-02-28

▶

GHSA

GHSA-q5c9-crv8-jc57: Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9↗2022-05-17

▶

CVEList

CVE-2017-5697: Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9↗2017-06-14

▶