Arbitrary code execution in Intel Manageability Firmware
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2017-5705 CVE-2017-5708 CVE-2017-5711 CVE-2017-5712 |
| CWE-ID | CWE-120 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel Manageability Firmware Hardware solutions / Firmware |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU9390
Risk: Low
CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-5705
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The weakness exists due to multiple buffer overflows in kernel. A local attacker can send a specially crafted request, trigger memory corruption, execute arbitrary code and compromise the vulnerable system.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Intel Manageability Firmware: 11.0 - 11.20
CPE2.3- cpe:2.3:h:intel:intel_manageability_firmware:11.20:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_manageability_firmware:11.10:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_manageability_firmware:11.7:*:*:*:*:*:*:*
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU9391
Risk: Low
CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-5708
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The weakness exists due to multiple buffer overflows in Active Management Technology (AMT). A local attacker with access to the system can send a specially crafted request, trigger memory corruption, execute arbitrary code with AMT execution privilege and compromise the vulnerable system.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Intel Manageability Firmware: 11.0 - 11.20
CPE2.3- cpe:2.3:h:intel:intel_manageability_firmware:11.20:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_manageability_firmware:11.10:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_manageability_firmware:11.7:*:*:*:*:*:*:*
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU9392
Risk: Low
CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-5711
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The weakness exists due to multiple buffer overflows in Active Management Technology (AMT). A local attacker with access to the system can send a specially crafted request, trigger memory corruption, execute arbitrary code with AMT execution privilege and compromise the vulnerable system.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Intel Manageability Firmware: 8.0 - 11.20
CPE2.3- cpe:2.3:h:intel:intel_manageability_firmware:11.20:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_manageability_firmware:11.10:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_manageability_firmware:11.7:*:*:*:*:*:*:*
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU9393
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-5712
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote administrator to execute arbitrary code on the target system.
The weakness exists due to buffer overflow in Active Management Technology (AMT). A remote attacker with access to the system can send a specially crafted request, trigger memory corruption, execute arbitrary code with AMT execution privilege and compromise the vulnerable system.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Intel Manageability Firmware: 8.0 - 11.20
CPE2.3- cpe:2.3:h:intel:intel_manageability_firmware:11.20:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_manageability_firmware:11.10:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_manageability_firmware:11.7:*:*:*:*:*:*:*
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
