Intel Active Management Technology 10.x < 10.0.55.3000 RCE

2017-05-0300:00:00

Tenable

www.tenable.com

JSON

Versions of Intel Active Management Technology 10.x prior to 10.0.55.3000 are affected by a flaw that is triggered as it insecurely performs read and write operations. This may allow a remote attacker to potentially execute arbitrary code depending on the Intel software installed, or a local attacker to gain privileges in other configurations.

Binary data 700083.prm

VendorProductVersionCPE
intelactive_management_technology_firmwarecpe:/o:intel:active_management_technology_firmware

Vendor	Product	Version	CPE
intel	active_management_technology_firmware		cpe:/o:intel:active_management_technology_firmware

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5689

semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms

mjg59.dreamwidth.org/48429.html

security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

www.embedi.com/news/mythbusters-cve-2017-5689

JSON