Intel Active Management Technology Firmware vulnerabilities
49 known vulnerabilities affecting intel/active_management_technology_firmware.
Total CVEs
49
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL9HIGH19MEDIUM21
Vulnerabilities
Page 2 of 3
CVE-2020-0597HIGHCVSS 7.5≥ 11.0, ≤ 11.8.76≥ 11.10, ≤ 11.11.76+4 more2020-06-15
CVE-2020-0597 [HIGH] CWE-125 CVE-2020-0597: Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may al
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.
nvd
CVE-2020-0532HIGHCVSS 7.1≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+2 more2020-06-15
CVE-2020-0532 [HIGH] CWE-20 CVE-2020-0532: Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
nvd
CVE-2020-0537MEDIUMCVSS 4.9≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+2 more2020-06-15
CVE-2020-0537 [MEDIUM] CWE-20 CVE-2020-0537: Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access.
nvd
CVE-2020-8674MEDIUMCVSS 5.3≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+3 more2020-06-15
CVE-2020-8674 [MEDIUM] CWE-125 CVE-2020-8674: Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.1
Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.
nvd
CVE-2020-0531MEDIUMCVSS 6.5≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+2 more2020-06-15
CVE-2020-0531 [MEDIUM] CWE-20 CVE-2020-0531: Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 ma
Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access.
nvd
CVE-2020-0535MEDIUMCVSS 5.3≥ 11.0, < 11.8.77≥ 11.10, < 11.12.77+2 more2020-06-15
CVE-2020-0535 [MEDIUM] CWE-20 CVE-2020-0535: Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 ma
Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
nvd
CVE-2019-11107CRITICALCVSS 9.8≥ 12.0, < 12.0.452019-12-18
CVE-2019-11107 [CRITICAL] CWE-20 CVE-2019-11107: Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an
Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
nvd
CVE-2019-11131CRITICALCVSS 9.8≥ 11.0, < 11.8.70≥ 11.10, < 11.11.70+2 more2019-12-18
CVE-2019-11131 [CRITICAL] CVE-2019-11131: Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may
Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
nvd
CVE-2019-11132HIGHCVSS 8.4≥ 11.0, < 11.8.70≥ 11.10, < 11.11.70+2 more2019-12-18
CVE-2019-11132 [HIGH] CWE-79 CVE-2019-11132: Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12
Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.
nvd
CVE-2019-11088HIGHCVSS 8.8≥ 11.0, < 11.8.70≥ 11.10, < 11.11.70+2 more2019-12-18
CVE-2019-11088 [HIGH] CWE-20 CVE-2019-11088: Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.
Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
nvd
CVE-2019-0166HIGHCVSS 7.5≥ 11.0, < 11.8.70≥ 11.10, < 11.11.70+2 more2019-12-18
CVE-2019-0166 [HIGH] CWE-20 CVE-2019-0166: Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 1
Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
nvd
CVE-2019-0131HIGHCVSS 8.1≥ 11.0, < 11.8.70≥ 11.10, < 11.11.70+2 more2019-12-18
CVE-2019-0131 [HIGH] CWE-20 CVE-2019-0131: Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.
Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
nvd
CVE-2019-11100MEDIUMCVSS 4.6≥ 11.0, < 11.8.70≥ 11.10, < 11.11.70+2 more2019-12-18
CVE-2019-11100 [MEDIUM] CWE-20 CVE-2019-11100: Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 1
Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access.
nvd
CVE-2019-11086MEDIUMCVSS 6.8≥ 12.0, < 12.0.452019-12-18
CVE-2019-11086 [MEDIUM] CWE-20 CVE-2019-11086: Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unau
Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
nvd
CVE-2019-0096HIGHCVSS 8.0≥ 11.8.0, < 11.8.65≥ 11.11.0, < 11.11.65+2 more2019-05-17
CVE-2019-0096 [HIGH] CWE-787 CVE-2019-0096: Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11
Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access.
nvd
CVE-2019-0092MEDIUMCVSS 6.8≥ 11.8.0, < 11.8.65≥ 11.11.0, < 11.11.65+2 more2019-05-17
CVE-2019-0092 [MEDIUM] CWE-20 CVE-2019-0092: Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 1
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
nvd
CVE-2019-0094MEDIUMCVSS 4.3≥ 11.8.0, < 11.8.65≥ 11.11.0, < 11.11.65+2 more2019-05-17
CVE-2019-0094 [MEDIUM] CWE-20 CVE-2019-0094: Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 1
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access.
nvd
CVE-2019-0097MEDIUMCVSS 4.9≥ 12.0.20, < 12.0.352019-05-17
CVE-2019-0097 [MEDIUM] CWE-20 CVE-2019-0097: Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access.
nvd
CVE-2018-12187HIGHCVSS 7.5≥ 11.0, < 11.8.60≥ 11.10, < 11.11.60+2 more2019-03-14
CVE-2018-12187 [HIGH] CWE-20 CVE-2018-12187: Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version
Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access.
nvd
CVE-2018-3658MEDIUMCVSS 5.3fixed in 12.0.52018-09-12
CVE-2018-3658 [MEDIUM] CWE-772 CVE-2018-3658: Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauth
Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.
nvd