SB2017050301 - Privilege escalation in Intel Manageability Firmware

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017050301

SB2017050301 - Privilege escalation in Intel Manageability Firmware

Published: May 3, 2017

Security Bulletin ID SB2017050301
Severity
High
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Privilege escalation (CVE-ID: CVE-2017-5689)

The vulnerability allows a remote unauthenticated or local attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper authentication. A remote attacker can connect to the 16992/tcp port through UDP protocol and gain full control of Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). A local attacker can escalate privileges and compromise Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

Successful exploitation of the vulnerability may result in system compromise.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References