#VU9393 Buffer overflow in Intel Manageability Firmware - CVE-2017-5712


Vulnerability identifier: #VU9393

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-5712

CWE-ID: CWE-120

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Intel Manageability Firmware
Hardware solutions / Firmware

Vendor: Intel

Description
The vulnerability allows a remote administrator to execute arbitrary code on the target system.

The weakness exists due to a buffer overflow in Active Management Technology (AMT). A remote attacker with access to the system can send a specially crafted request to trigger memory corruption, execute arbitrary code with AMT execution privilege, and compromise the vulnerable system.

Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Intel Manageability Firmware: 8.0 - 11.20


External links
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

