#VU9393 Buffer overflow in Intel Manageability Firmware - CVE-2017-5712
Vulnerability identifier: #VU9393
Vulnerability risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID:
CWE-ID:
CWE-120
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Intel Manageability Firmware
Hardware solutions /
Firmware
Vendor: Intel
Description
The vulnerability allows a remote administrator to execute arbitrary code on the target system.
The weakness exists due to buffer overflow in Active Management Technology (AMT). A remote attacker with access to the system can send a specially crafted request, trigger memory corruption, execute arbitrary code with AMT execution privilege and compromise the vulnerable system.
Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versions
Intel Manageability Firmware: 8.0 - 11.20
External links
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
