Intel Active Management Technology Firmware vulnerabilities

49 known vulnerabilities affecting intel/active_management_technology_firmware.

Total CVEs

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL9HIGH19MEDIUM21

Vulnerabilities

Page 1 of 3

CVE-2022-26845CRITICALCVSS 9.8fixed in 11.8.93≥ 11.12.0, < 11.12.93+5 more2022-11-11

CVE-2022-26845 [HIGH] CWE-287 CVE-2022-26845: Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12 Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

nvd

CVE-2022-29893HIGHCVSS 8.8fixed in 11.8.93≥ 11.12.0, < 11.12.93+5 more2022-11-11

CVE-2022-29893 [HIGH] CWE-287 CVE-2022-29893: Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12 Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access.

nvd

CVE-2022-27497HIGHCVSS 7.5fixed in 11.8.93≥ 11.12.0, < 11.12.93+5 more2022-11-11

CVE-2022-27497 [HIGH] CWE-476 CVE-2022-27497: Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12 Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access.

nvd

CVE-2021-33159MEDIUMCVSS 6.7fixed in 11.8.93≥ 11.12.0, < 11.12.93+5 more2022-11-11

CVE-2021-33159 [HIGH] CWE-287 CVE-2021-33159: Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 1 Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access.

nvd

CVE-2021-33068MEDIUMCVSS 6.5fixed in 15.0.352022-02-09

CVE-2021-33068 [MEDIUM] CWE-476 CVE-2021-33068: Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenti Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access.

nvd

CVE-2020-8747CRITICALCVSS 9.1fixed in 11.8.80≥ 11.12.0, < 11.12.80+3 more2020-11-12

CVE-2020-8747 [CRITICAL] CWE-125 CVE-2020-8747: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.7 Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

nvd

CVE-2020-8752CRITICALCVSS 9.8fixed in 11.8.80≥ 11.12.0, < 11.12.80+3 more2020-11-12

CVE-2020-8752 [CRITICAL] CWE-787 CVE-2020-8752: Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12. Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.

nvd

CVE-2020-8753HIGHCVSS 7.5fixed in 11.8.80≥ 11.12.0, < 11.12.80+3 more2020-11-12

CVE-2020-8753 [HIGH] CWE-125 CVE-2020-8753: Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.8 Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

nvd

CVE-2020-8749HIGHCVSS 8.8fixed in 11.8.80≥ 11.12.0, < 11.12.80+3 more2020-11-12

CVE-2020-8749 [HIGH] CWE-125 CVE-2020-8749: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.7 Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

nvd

CVE-2020-8754HIGHCVSS 7.5fixed in 11.8.80≥ 11.12.0, < 11.12.80+3 more2020-11-12

CVE-2020-8754 [HIGH] CWE-125 CVE-2020-8754: Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11 Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.

nvd

CVE-2020-8760HIGHCVSS 7.8fixed in 11.8.80≥ 11.12.0, < 11.12.80+3 more2020-11-12

CVE-2020-8760 [HIGH] CWE-190 CVE-2020-8760: Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

nvd

CVE-2020-8746MEDIUMCVSS 6.5fixed in 11.8.80≥ 11.12.0, < 11.12.80+3 more2020-11-12

CVE-2020-8746 [MEDIUM] CWE-190 CVE-2020-8746: Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

nvd

CVE-2020-12356MEDIUMCVSS 4.4fixed in 11.8.80≥ 11.12.0, < 11.12.80+3 more2020-11-12

CVE-2020-12356 [MEDIUM] CWE-125 CVE-2020-12356: Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.

nvd

CVE-2020-8757MEDIUMCVSS 6.7fixed in 11.8.80≥ 11.12.0, < 11.12.80+3 more2020-11-12

CVE-2020-8757 [MEDIUM] CWE-125 CVE-2020-8757: Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.7 Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.

nvd

CVE-2020-8758CRITICALCVSS 9.8≥ 11.8, < 11.8.79≥ 11.12, < 11.12.79+3 more2020-09-10

CVE-2020-8758 [CRITICAL] CVE-2020-8758: Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versi Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via

nvd

CVE-2020-0595CRITICALCVSS 9.8≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+2 more2020-06-15

CVE-2020-0595 [CRITICAL] CWE-416 CVE-2020-0595: Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

nvd

CVE-2020-0594CRITICALCVSS 9.8≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+2 more2020-06-15

CVE-2020-0594 [CRITICAL] CWE-125 CVE-2020-0594: Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12 Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

nvd

CVE-2020-0540HIGHCVSS 7.5≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+2 more2020-06-15

CVE-2020-0540 [HIGH] CWE-522 CVE-2020-0540: Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

nvd

CVE-2020-0538HIGHCVSS 7.5≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+2 more2020-06-15

CVE-2020-0538 [HIGH] CWE-20 CVE-2020-0538: Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.

nvd

CVE-2020-0596HIGHCVSS 7.5≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+2 more2020-06-15

CVE-2020-0596 [HIGH] CWE-20 CVE-2020-0596: Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8. Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

nvd

1 / 3Next →