Code injection

2017-09-0519:29:00

PRIOn knowledge base

www.prio-n.com

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

6.7 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:C/A:N

0.0004 Low

EPSS

Percentile

5.4%

JSON

Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges.

CPENameOperatorVersion
active_management_technology_firmwareeq11.0.25.3001
active_management_technology_firmwareeq11.0.26.3000
manageability_engine_firmwareeq11.0.26.3000
manageability_engine_firmwareeq11.0.25.3001
small_business_technology_firmwareeq11.0.25.3001
small_business_technology_firmwareeq11.0.26.3000

Name	Operator	Version
active_management_technology_firmware	eq	11.0.25.3001
active_management_technology_firmware	eq	11.0.26.3000
manageability_engine_firmware	eq	11.0.26.3000
manageability_engine_firmware	eq	11.0.25.3001
small_business_technology_firmware	eq	11.0.25.3001
small_business_technology_firmware	eq	11.0.26.3000