Firmware Vulnerability in Intel Active Management Technology and Standard Manageability
CVE-2017-5698

4.4MEDIUM

Key Information:

Vendor: Intel
Status: Intel Active Management Technology, Intel Standard Manageability, And Intel Small Business Technology
Vendor: CVE Published:; 5 September 2017

Summary

The firmware of Intel Active Management Technology, Standard Manageability, and Small Business Technology has a vulnerability that allows a local user with administrative privileges to upgrade to an insecure firmware version (11.6.x.1xxx). This version lacks proper anti-rollback protection, potentially exposing systems to known vulnerabilities, compromising security and integrity.

Affected Version(s)

Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology version 11.0.25.3001 and 11.0.26.3000

References

https://security-center.intel.com/advisory.aspx?intelid=I...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 5, 2017
Vulnerability Reserved
Feb 1, 2017