54 matches found
CVE-2017-5689
CVE-2017-5689 describes a privilege-escalation vulnerability in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). An unprivileged network or local attacker could gain administrative or higher privileges to provision manageabil...
CVE-2021-33159
Intel AMT vulnerability CVE-2021-33159 stems from improper authentication in the AMT subsystem, enabling a privileged user to escalate privileges via local access. Affected firmware versions include AMT before 11.8.93, 11.12.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, and 16.1.25. Red Hat and other ...
CVE-2020-8758
CVE-2020-8758 affects Intel AMT/ISM: improper buffer restrictions in the network subsystem may allow escalation of privilege. In provisioned systems, an unauthenticated attacker on the network can potentially escalate privileges; on un-provisioned systems, an authenticated user may escalate via l...
CVE-2017-5698
CVE-2017-5698 describes an anti-rollback flaw in Intel AMT/ISM/SBT firmware (versions 11.0.25.3001 and 11.0.26.3000) where an upgrade to 11.6.x.1xxx is possible and is vulnerable to CVE-2017-5689, enabling a local administrator to escalate privileges. Connected sources confirm CVE-2017-5689 as a ...
CVE-2017-5712
CVE-2017-5712 is a buffer overflow in Intel Manageability Engine Firmware (AMT) affecting ME/AMT versions 8.x–11.20. The vulnerability allows a remote attacker with Admin access to execute arbitrary code with AMT execution privileges (CVSSv3: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H; base score 7.2). ...
CVE-2019-0096
CVE-2019-0096 affects Intel AMT subsystem, with an out-of-bounds write in Intel AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35. Affected condition: authenticated user can potentially escalate privileges via adjacent network access. Connected documents indicate remediation through updati...
CVE-2022-26845
CVE-2022-26845 affects Intel AMT firmware. Improper authentication may allow an unauthenticated network-access user to escalate privileges. Affected AMT/CSME/SPS firmware versions include before 11.8.93, 11.12.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25. Remediation per PT-2022-18096 and Int...
CVE-2019-0094
CVE-2019-0094 covers an insufficient input validation vulnerability in the Intel AMT subsystem that affects versions before 11.8.65, 11.11.65, 11.22.65, and 12.0.35, exposing unauthenticated users to potential denial of service via adjacent network access. Intel’s advisory and vendor security pag...
CVE-2019-0092
CVE-2019-0092 is an insufficient input validation vulnerability in the Intel AMT subsystem, affecting Intel CSME/AMT/DAL/SPS before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35. The NVD/NIST entry describes it as potentially enabling privilege escalation for an unauthenticated user with physical...
CVE-2019-0097
CVE-2019-0097 affects Intel AMT: an insufficient input validation vulnerability in the AMT subsystem prior to version 12.0.35 may allow a privileged user to cause a denial of service over the network. Affected product scope is Intel AMT/CSME with versions before 12.0.35. Remediation per Intel adv...
CVE-2020-8747
CVE-2020-8747 is an out-of-bounds read in the Intel AMT subsystem (and related CSME/ISM/TXE components) affecting Intel AMT/CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The issue can enable information disclosure and/or denial of service via network access by an unauthen...
CVE-2020-8752
CVE-2020-8752 affects Intel AMT/ISM IPv6 subsystem: out-of-bounds write in IPv6 can allow unauthenticated privilege escalation via network access on Intel AMT/ISM firmware versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45. Intel INTEL-SA-00391 describes mitigation; affected products i...
CVE-2022-30601
The CVE-2022-30601 entry concerns Intel AMT and Intel Standard Manageability. The issue is described as insufficiently protected credentials, which could allow an unauthenticated user to disclose information and escalate privileges via network access. Affected components cited in multiple sources...
CVE-2021-33068
CVE-2021-33068 is a null pointer dereference in the Intel AMT subsystem. Intel SPS/AMT/PMC chipset firmware before certain versions may allow an authenticated remote attacker to cause a denial-of-service via network access. Public documents from NVD/Intel/Red Hat/IBM describe affected components ...
CVE-2020-8749
CVE-2020-8749 is an Intel AMT/CSME-related issue described as an out-of-bounds read in the AMT subsystem that may let an unauthenticated, adjacent user escalate privileges. Affected are Intel AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The CVE is part of a broader set of...
CVE-2022-28697
CVE-2022-28697 affects firmware in Intel(R) AMT and Intel(R) Standard Manageability. The issue is improper access control that may allow an unauthenticated user to escalate privileges via physical access. CVSSv3.1 metrics indicate physical attack vector, no privileges required, with high confiden...
CVE-2022-30944
CVE-2022-30944 affects Intel AMT and Intel Standard Manageability. Insufficiently protected credentials may allow a privileged user to disclose information via local access. The CVE is rated with a Local attack vector and High confidentiality impact (CVSSv3.1: 5.5). Multiple connected sources ref...
CVE-2020-12356
CVE-2020-12356 is an Intel AMT/CSME vulnerability (Out-of-bounds read) that affects AMT/ISM/CSME subsystems prior to specific builds: versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The issue can allow a privileged user to disclose information via local access; CVSS3.1 vector in...
CVE-2020-8754
Intel AMT/ISM subsystem contains an out-of-bounds read vulnerability (CVE-2020-8754) that could allow unauthenticated information disclosure over the network. Affected versions include Intel AMT/ISM before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. Intel’s advisory and vendor advisories in...
CVE-2019-11132
CVE-2019-11132 : Cross-site scripting vulnerability in the Intel Active Management Technology (AMT) subsystem prior to firmware versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 could allow a privileged user to escalate privileges via network access. The issue is documented in multiple sources (NV...
CVE-2020-8753
CVE-2020-8753 is an out-of-bounds read vulnerability in the DHCP subsystem of Intel AMT/ISM (and related components in the Intel CSME/SPS/TXE/SO CSME stack). Affected versions are Intel AMT/ISM before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The flaw may allow an unauthenticated attacker...
CVE-2022-29893
The CVE-2022-29893 issue is in Intel® AMT firmware and stems from improper authentication, potentially allowing an authenticated user to escalate privileges over the network. Affected AMT versions include prior to 11.8.93, 11.12.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, and 16.1.25. Reported base ...
CVE-2020-8746
CVE-2020-8746 concerns Intel AMT/CSME subsystem integer overflow that could allow a remote unauthenticated actor to cause denial of service via adjacent access. Connected sources confirm the issue affects Intel AMT/CSME/ISM stack versions before specific fixes (11.8.82/11.12.82/11.22.82/12.0.70/1...
CVE-2020-8757
CVE-2020-8757 involves an out-of-bounds read in the Intel AMT subsystem that can allow a privileged local user to escalate privileges. Affected: Intel AMT/CSME family before versions 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 (and related AMT/ISM components per Intel advisories). Root cause...
CVE-2020-8760
CVE-2020-8760 is an Intel AMT/CSME-related issue described as an integer overflow in the subsystem affecting AMT/CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45. The vulnerability may allow a privileged user to escalate privileges via local access. Public sources in connected d...
CVE-2018-3616
CVE-2018-3616 is a Bleichenbacher-style side-channel vulnerability in the TLS implementation of Intel AMT/CSME firmware prior to 12.0.5. An unauthenticated attacker could potentially obtain the TLS session key over the network. Public-internal sources confirm impact on Intel AMT/CSME (TLS) with C...
CVE-2019-0131
CVE-2019-0131: Insufficient input validation in the subsystem of Intel AMT (and related Intel CSME/TXE/DAL components) before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to cause denial of service or information disclosure via adjacent access, with higher im...
CVE-2022-27497
The CVE-2022-27497 issue is a null pointer dereference in Intel® AMT firmware prior to versions 11.8.93, 11.12.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, and 16.1.25 that may allow an unauthenticated remote attacker to cause a denial of service via network access. Public sources (Intel IPU advisory...
CVE-2019-11088
CVE-2019-11088 concerns Intel AMT: Insufficient input validation in the AMT subsystem may allow an unauthenticated user to escalate privileges via adjacent access. Affected are AMT versions before 11.8.70, 11.11.70, 11.22.70 and 12.0.45 (per Intel AMT/CSME/TXE advisories). The issue is described ...
CVE-2019-11086
CVE-2019-11086 involves insufficient input validation in the Intel AMT subsystem prior to 12.0.45, potentially allowing an unauthenticated user with physical access to escalate privileges. Affected component: Intel AMT subsystem (Intel CSME/AMT stack). Root cause: input validation gap in the AMT ...
CVE-2019-11131
CVE-2019-11131 affects Intel AMT subsystem. A logic issue could allow an unauthenticated user to escalate privileges via network access. Affected Intel AMT versions before 11.8.70, 11.11.70, 11.22.70 and 12.0.45. Intel/HP/Lenovo advisories recommend updating AMT/CSME/TXE/DAL firmware to newer rel...
CVE-2018-3658
CVE-2018-3658 affects Intel AMT in Intel CSME firmware prior to 12.0.5. The issue is described as multiple memory leaks that may allow an unauthenticated, Intel AMT-provisioned user to cause a partial denial of service over the network. Remediation: upgrade to the latest Intel CSME firmware versi...
CVE-2020-0596
CVE-2020-0596 concerns Intel AMT/ISM DHCPv6 input validation weaknesses. Public docs specify that improper input validation in the DHCPv6 subsystem of Intel® AMT and Intel® ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to disclose information via ne...
CVE-2019-0166
CVE-2019-0166 describes an insufficient input validation in the Intel AMT subsystem that could allow an unauthenticated user to disclose information over the network. Affected products are Intel AMT firmware prior to 11.8.70, 11.11.70, 11.22.70, and 12.0.45 (as cited across multiple sources). The...
CVE-2018-3657
CVE-2018-3657 affects Intel AMT in Intel CSME firmware prior to 12.0.5, enabling a local attacker with high privileges to potentially execute arbitrary code with AMT execution rights via local access. The issue is described across multiple sources (NVD entry and related advisories) with a CVSSv3 ...
CVE-2018-3628
CVE-2018-3628 describes a buffer overflow in the HTTP handler of Intel AMT/CSME firmware across versions 3.x–11.x that could let an attacker execute arbitrary code within the same subnet. Connected sources confirm the affected product family (Intel AMT/CSME firmware) and a remediation path via fi...
CVE-2020-0531
CVE-2020-0531 involves Intel AMT/CSME family where improper input validation in Intel AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to disclose information over the network. The vulnerability is documented across multiple sources (Intel advisory INTEL...
CVE-2020-0594
CVE-2020-0594 : Out-of-bounds read in the IPv6 subsystem of Intel CSME AMT/ISM (pre-11.8.77, 11.12.77, 11.22.77 and 12.0.64) may allow an unauthenticated attacker to escalate privileges over the network. Intel’s advisory INTEL-SA-00295 covers these vulnerabilities and provides mitigations through...
CVE-2020-0537
CVE-2020-0537 is an Intel AMT/CSME vulnerability where improper input validation in the AMT subsystem (before affected versions 11.8.77, 11.12.77, 11.22.77 and 12.0.64) could allow a privileged user to cause a denial of service over the network. The related connected Intel advisory INTEL-SA-00295...
CVE-2020-0597
CVE-2020-0597 involves an out-of-bounds read in the IPv6 subsystem of Intel AMT/ISM. Intel’s advisory indicates that versions before 14.0.33 are affected, and an unauthenticated remote attacker could potentially trigger a denial-of-service via network access. The issue maps to the Treck/INTEL-SA-...
CVE-2020-0532
CVE-2020-0532 affects Intel AMT (and related CSME components) due to improper input validation in the AMT subsystem, allowing an unauthenticated user to potentially cause denial of service or information disclosure via adjacent network access. Affected versions are before 11.8.77, 11.12.77, 11.22...
CVE-2019-11107
CVE-2019-11107 : Affects Intel AMT subsystem; insufficient input validation before version 12.0.45 may allow an unauthenticated user to escalate privileges via network access. Public details specify the vulnerable condition and impact as described by NVD entry for CVE-2019-11107. The connected Ne...
CVE-2019-11100
CVE-2019-11100 corresponds to an Intel AMT subsystem vulnerability due to insufficient input validation that could allow information disclosure by an unauthenticated user with physical access. Affected firmware versions include AMT before 11.8.70, 11.11.70, 11.22.70, and 12.0.45. Multiple connect...
CVE-2018-3629
CVE-2018-3629 is a buffer overflow in the event handler of Intel Active Management Technology (AMT) within the Intel Converged Security Manageability Engine (CSME) firmware, affecting 3.x–11.x series. The vulnerability can enable a denial-of-service via the same subnet. Intel’s INTEL-SA-00112 adv...
CVE-2018-3632
CVE-2018-3632 describes memory corruption in Intel Active Management Technology (AMT) within the Intel Converged Security and Manageability Engine (CSME) firmware, affecting versions 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x (including 11.0, 11.5, 11.6, 11.7, 11.10, 11.20). An attacker with local admini...
CVE-2017-5711
CVE-2017-5711 covers multiple buffer overflows in Intel Manageability Engine Firmware AMT (8.x/9.x/10.x/11.x.0/11.5/11.6/11.7/11.10/11.20). The vulnerability allows a local attacker to execute arbitrary code with AMT execution privilege via the AMT component. Affected component: Intel AMT/ME firm...
CVE-2020-0535
CVE-2020-0535 is part of Intel AMT/CSME family vulnerabilities described in INTEL-SA-00295. The issue is improper input validation in Intel AMT versions prior to 11.8.76/11.12.77/11.22.77/12.0.64 that can allow an unauthenticated user to potentially disclose information over the network. The Inte...
CVE-2020-0538
CVE-2020-0538 describes an input validation flaw in the Intel AMT/CSME subsystem (and related AMP/DM components) that, on Intel AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64, may allow an unauthenticated attacker to cause a denial of service over the network. Connected documents cor...
CVE-2020-8674
CVE-2020-8674 is an out-of-bounds read in the DHCPv6 subsystem of Intel AMT/ISM (Intel CSME/ISM/AMT) versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33. An unauthenticated attacker could potentially disclose information over the network. The issue is part of Intel’s broader INTEL-SA...
CVE-2020-0540
The CVE-2020-0540 entry concerns Intel AMT/CSME family vulnerabilities where credentials were insufficiently protected in AMT/CSME versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64, enabling unauthenticated information disclosure over the network. Connected Intel advisory INTEL-SA-00295 and...