Lucene search
K
IntelActive Management Technology Firmware

54 matches found

CVE
CVE
added 2017/05/02 2:0 p.m.1229 views

CVE-2017-5689

CVE-2017-5689 describes a privilege-escalation vulnerability in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). An unprivileged network or local attacker could gain administrative or higher privileges to provision manageabil...

10CVSS6.8AI score0.92189EPSS
In wildWeb
CVE
CVE
added 2022/11/11 3:48 p.m.574 views

CVE-2021-33159

Intel AMT vulnerability CVE-2021-33159 stems from improper authentication in the AMT subsystem, enabling a privileged user to escalate privileges via local access. Affected firmware versions include AMT before 11.8.93, 11.12.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, and 16.1.25. Red Hat and other ...

7.4CVSS6.7AI score0.00178EPSS
CVE
CVE
added 2020/09/10 2:22 p.m.203 views

CVE-2020-8758

CVE-2020-8758 affects Intel AMT/ISM: improper buffer restrictions in the network subsystem may allow escalation of privilege. In provisioned systems, an unauthenticated attacker on the network can potentially escalate privileges; on un-provisioned systems, an authenticated user may escalate via l...

9.8CVSS9.3AI score0.01686EPSS
CVE
CVE
added 2017/09/05 7:0 p.m.202 views

CVE-2017-5698

CVE-2017-5698 describes an anti-rollback flaw in Intel AMT/ISM/SBT firmware (versions 11.0.25.3001 and 11.0.26.3000) where an upgrade to 11.6.x.1xxx is possible and is vulnerable to CVE-2017-5689, enabling a local administrator to escalate privileges. Connected sources confirm CVE-2017-5689 as a ...

4.9CVSS6.5AI score0.00267EPSS
In wild
CVE
CVE
added 2017/11/21 2:0 p.m.182 views

CVE-2017-5712

CVE-2017-5712 is a buffer overflow in Intel Manageability Engine Firmware (AMT) affecting ME/AMT versions 8.x–11.20. The vulnerability allows a remote attacker with Admin access to execute arbitrary code with AMT execution privileges (CVSSv3: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H; base score 7.2). ...

9CVSS7.5AI score0.04407EPSS
CVE
CVE
added 2019/05/17 3:41 p.m.149 views

CVE-2019-0096

CVE-2019-0096 affects Intel AMT subsystem, with an out-of-bounds write in Intel AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35. Affected condition: authenticated user can potentially escalate privileges via adjacent network access. Connected documents indicate remediation through updati...

8CVSS7.8AI score0.00495EPSS
CVE
CVE
added 2022/11/11 3:48 p.m.147 views

CVE-2022-26845

CVE-2022-26845 affects Intel AMT firmware. Improper authentication may allow an unauthenticated network-access user to escalate privileges. Affected AMT/CSME/SPS firmware versions include before 11.8.93, 11.12.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25. Remediation per PT-2022-18096 and Int...

9.8CVSS9.7AI score0.00565EPSS
CVE
CVE
added 2019/05/17 3:41 p.m.143 views

CVE-2019-0094

CVE-2019-0094 covers an insufficient input validation vulnerability in the Intel AMT subsystem that affects versions before 11.8.65, 11.11.65, 11.22.65, and 12.0.35, exposing unauthenticated users to potential denial of service via adjacent network access. Intel’s advisory and vendor security pag...

4.3CVSS5.5AI score0.00451EPSS
CVE
CVE
added 2019/05/17 3:41 p.m.142 views

CVE-2019-0092

CVE-2019-0092 is an insufficient input validation vulnerability in the Intel AMT subsystem, affecting Intel CSME/AMT/DAL/SPS before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35. The NVD/NIST entry describes it as potentially enabling privilege escalation for an unauthenticated user with physical...

6.8CVSS7.1AI score0.00379EPSS
CVE
CVE
added 2019/05/17 3:41 p.m.135 views

CVE-2019-0097

CVE-2019-0097 affects Intel AMT: an insufficient input validation vulnerability in the AMT subsystem prior to version 12.0.35 may allow a privileged user to cause a denial of service over the network. Affected product scope is Intel AMT/CSME with versions before 12.0.35. Remediation per Intel adv...

4.9CVSS5.6AI score0.0122EPSS
CVE
CVE
added 2020/11/12 6:9 p.m.131 views

CVE-2020-8747

CVE-2020-8747 is an out-of-bounds read in the Intel AMT subsystem (and related CSME/ISM/TXE components) affecting Intel AMT/CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The issue can enable information disclosure and/or denial of service via network access by an unauthen...

9.1CVSS8.7AI score0.01675EPSS
CVE
CVE
added 2020/11/12 6:5 p.m.131 views

CVE-2020-8752

CVE-2020-8752 affects Intel AMT/ISM IPv6 subsystem: out-of-bounds write in IPv6 can allow unauthenticated privilege escalation via network access on Intel AMT/ISM firmware versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45. Intel INTEL-SA-00391 describes mitigation; affected products i...

9.8CVSS9.5AI score0.01634EPSS
CVE
CVE
added 2022/08/18 12:0 a.m.125 views

CVE-2022-30601

The CVE-2022-30601 entry concerns Intel AMT and Intel Standard Manageability. The issue is described as insufficiently protected credentials, which could allow an unauthenticated user to disclose information and escalate privileges via network access. Affected components cited in multiple sources...

9.8CVSS9.3AI score0.00779EPSS
CVE
CVE
added 2022/02/09 10:4 p.m.124 views

CVE-2021-33068

CVE-2021-33068 is a null pointer dereference in the Intel AMT subsystem. Intel SPS/AMT/PMC chipset firmware before certain versions may allow an authenticated remote attacker to cause a denial-of-service via network access. Public documents from NVD/Intel/Red Hat/IBM describe affected components ...

6.5CVSS6.2AI score0.0084EPSS
CVE
CVE
added 2020/11/12 6:9 p.m.121 views

CVE-2020-8749

CVE-2020-8749 is an Intel AMT/CSME-related issue described as an out-of-bounds read in the AMT subsystem that may let an unauthenticated, adjacent user escalate privileges. Affected are Intel AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The CVE is part of a broader set of...

8.8CVSS9.2AI score0.01118EPSS
CVE
CVE
added 2022/08/18 12:0 a.m.120 views

CVE-2022-28697

CVE-2022-28697 affects firmware in Intel(R) AMT and Intel(R) Standard Manageability. The issue is improper access control that may allow an unauthenticated user to escalate privileges via physical access. CVSSv3.1 metrics indicate physical attack vector, no privileges required, with high confiden...

6.8CVSS8.2AI score0.00351EPSS
CVE
CVE
added 2022/08/18 12:0 a.m.114 views

CVE-2022-30944

CVE-2022-30944 affects Intel AMT and Intel Standard Manageability. Insufficiently protected credentials may allow a privileged user to disclose information via local access. The CVE is rated with a Local attack vector and High confidentiality impact (CVSSv3.1: 5.5). Multiple connected sources ref...

5.5CVSS6.6AI score0.00187EPSS
CVE
CVE
added 2020/11/12 6:9 p.m.112 views

CVE-2020-12356

CVE-2020-12356 is an Intel AMT/CSME vulnerability (Out-of-bounds read) that affects AMT/ISM/CSME subsystems prior to specific builds: versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The issue can allow a privileged user to disclose information via local access; CVSS3.1 vector in...

4.4CVSS5.1AI score0.0038EPSS
CVE
CVE
added 2020/11/12 6:8 p.m.111 views

CVE-2020-8754

Intel AMT/ISM subsystem contains an out-of-bounds read vulnerability (CVE-2020-8754) that could allow unauthenticated information disclosure over the network. Affected versions include Intel AMT/ISM before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. Intel’s advisory and vendor advisories in...

7.5CVSS7.1AI score0.01458EPSS
CVE
CVE
added 2019/12/18 9:7 p.m.108 views

CVE-2019-11132

CVE-2019-11132 : Cross-site scripting vulnerability in the Intel Active Management Technology (AMT) subsystem prior to firmware versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 could allow a privileged user to escalate privileges via network access. The issue is documented in multiple sources (NV...

8.4CVSS8.8AI score0.01272EPSS
CVE
CVE
added 2020/11/12 6:5 p.m.108 views

CVE-2020-8753

CVE-2020-8753 is an out-of-bounds read vulnerability in the DHCP subsystem of Intel AMT/ISM (and related components in the Intel CSME/SPS/TXE/SO CSME stack). Affected versions are Intel AMT/ISM before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The flaw may allow an unauthenticated attacker...

7.5CVSS8AI score0.01478EPSS
CVE
CVE
added 2022/11/11 3:48 p.m.108 views

CVE-2022-29893

The CVE-2022-29893 issue is in Intel® AMT firmware and stems from improper authentication, potentially allowing an authenticated user to escalate privileges over the network. Affected AMT versions include prior to 11.8.93, 11.12.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, and 16.1.25. Reported base ...

8.8CVSS8.8AI score0.00575EPSS
CVE
CVE
added 2020/11/12 6:9 p.m.107 views

CVE-2020-8746

CVE-2020-8746 concerns Intel AMT/CSME subsystem integer overflow that could allow a remote unauthenticated actor to cause denial of service via adjacent access. Connected sources confirm the issue affects Intel AMT/CSME/ISM stack versions before specific fixes (11.8.82/11.12.82/11.22.82/12.0.70/1...

6.5CVSS7.8AI score0.00869EPSS
CVE
CVE
added 2020/11/12 6:7 p.m.107 views

CVE-2020-8757

CVE-2020-8757 involves an out-of-bounds read in the Intel AMT subsystem that can allow a privileged local user to escalate privileges. Affected: Intel AMT/CSME family before versions 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 (and related AMT/ISM components per Intel advisories). Root cause...

6.7CVSS6.8AI score0.00412EPSS
CVE
CVE
added 2020/11/12 6:8 p.m.107 views

CVE-2020-8760

CVE-2020-8760 is an Intel AMT/CSME-related issue described as an integer overflow in the subsystem affecting AMT/CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45. The vulnerability may allow a privileged user to escalate privileges via local access. Public sources in connected d...

7.8CVSS7.8AI score0.00414EPSS
CVE
CVE
added 2018/09/12 7:0 p.m.106 views

CVE-2018-3616

CVE-2018-3616 is a Bleichenbacher-style side-channel vulnerability in the TLS implementation of Intel AMT/CSME firmware prior to 12.0.5. An unauthenticated attacker could potentially obtain the TLS session key over the network. Public-internal sources confirm impact on Intel AMT/CSME (TLS) with C...

5.9CVSS5.9AI score0.02388EPSS
CVE
CVE
added 2019/12/18 9:8 p.m.105 views

CVE-2019-0131

CVE-2019-0131: Insufficient input validation in the subsystem of Intel AMT (and related Intel CSME/TXE/DAL components) before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to cause denial of service or information disclosure via adjacent access, with higher im...

8.1CVSS8.3AI score0.00594EPSS
CVE
CVE
added 2022/11/11 3:48 p.m.105 views

CVE-2022-27497

The CVE-2022-27497 issue is a null pointer dereference in Intel® AMT firmware prior to versions 11.8.93, 11.12.93, 11.22.93, 12.0.92, 14.1.67, 15.0.42, and 16.1.25 that may allow an unauthenticated remote attacker to cause a denial of service via network access. Public sources (Intel IPU advisory...

8.6CVSS7.4AI score0.00654EPSS
CVE
CVE
added 2019/12/18 9:8 p.m.104 views

CVE-2019-11088

CVE-2019-11088 concerns Intel AMT: Insufficient input validation in the AMT subsystem may allow an unauthenticated user to escalate privileges via adjacent access. Affected are AMT versions before 11.8.70, 11.11.70, 11.22.70 and 12.0.45 (per Intel AMT/CSME/TXE advisories). The issue is described ...

8.8CVSS9.2AI score0.0061EPSS
CVE
CVE
added 2019/12/18 9:10 p.m.98 views

CVE-2019-11086

CVE-2019-11086 involves insufficient input validation in the Intel AMT subsystem prior to 12.0.45, potentially allowing an unauthenticated user with physical access to escalate privileges. Affected component: Intel AMT subsystem (Intel CSME/AMT stack). Root cause: input validation gap in the AMT ...

6.8CVSS8AI score0.0035EPSS
CVE
CVE
added 2019/12/18 9:8 p.m.98 views

CVE-2019-11131

CVE-2019-11131 affects Intel AMT subsystem. A logic issue could allow an unauthenticated user to escalate privileges via network access. Affected Intel AMT versions before 11.8.70, 11.11.70, 11.22.70 and 12.0.45. Intel/HP/Lenovo advisories recommend updating AMT/CSME/TXE/DAL firmware to newer rel...

9.8CVSS9.5AI score0.01792EPSS
CVE
CVE
added 2018/09/12 7:0 p.m.94 views

CVE-2018-3658

CVE-2018-3658 affects Intel AMT in Intel CSME firmware prior to 12.0.5. The issue is described as multiple memory leaks that may allow an unauthenticated, Intel AMT-provisioned user to cause a partial denial of service over the network. Remediation: upgrade to the latest Intel CSME firmware versi...

5.3CVSS5.4AI score0.03303EPSS
CVE
CVE
added 2020/06/15 1:58 p.m.94 views

CVE-2020-0596

CVE-2020-0596 concerns Intel AMT/ISM DHCPv6 input validation weaknesses. Public docs specify that improper input validation in the DHCPv6 subsystem of Intel® AMT and Intel® ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to disclose information via ne...

7.5CVSS8.1AI score0.02213EPSS
CVE
CVE
added 2019/12/18 9:8 p.m.93 views

CVE-2019-0166

CVE-2019-0166 describes an insufficient input validation in the Intel AMT subsystem that could allow an unauthenticated user to disclose information over the network. Affected products are Intel AMT firmware prior to 11.8.70, 11.11.70, 11.22.70, and 12.0.45 (as cited across multiple sources). The...

7.5CVSS8AI score0.01385EPSS
CVE
CVE
added 2018/09/12 7:0 p.m.92 views

CVE-2018-3657

CVE-2018-3657 affects Intel AMT in Intel CSME firmware prior to 12.0.5, enabling a local attacker with high privileges to potentially execute arbitrary code with AMT execution rights via local access. The issue is described across multiple sources (NVD entry and related advisories) with a CVSSv3 ...

7.2CVSS6.7AI score0.00582EPSS
CVE
CVE
added 2018/07/10 9:0 p.m.90 views

CVE-2018-3628

CVE-2018-3628 describes a buffer overflow in the HTTP handler of Intel AMT/CSME firmware across versions 3.x–11.x that could let an attacker execute arbitrary code within the same subnet. Connected sources confirm the affected product family (Intel AMT/CSME firmware) and a remediation path via fi...

8.8CVSS8.9AI score0.01384EPSS
CVE
CVE
added 2020/06/15 1:59 p.m.90 views

CVE-2020-0531

CVE-2020-0531 involves Intel AMT/CSME family where improper input validation in Intel AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to disclose information over the network. The vulnerability is documented across multiple sources (Intel advisory INTEL...

6.5CVSS6.6AI score0.01372EPSS
CVE
CVE
added 2020/06/15 1:55 p.m.90 views

CVE-2020-0594

CVE-2020-0594 : Out-of-bounds read in the IPv6 subsystem of Intel CSME AMT/ISM (pre-11.8.77, 11.12.77, 11.22.77 and 12.0.64) may allow an unauthenticated attacker to escalate privileges over the network. Intel’s advisory INTEL-SA-00295 covers these vulnerabilities and provides mitigations through...

9.8CVSS9.4AI score0.03536EPSS
CVE
CVE
added 2020/06/15 2:0 p.m.89 views

CVE-2020-0537

CVE-2020-0537 is an Intel AMT/CSME vulnerability where improper input validation in the AMT subsystem (before affected versions 11.8.77, 11.12.77, 11.22.77 and 12.0.64) could allow a privileged user to cause a denial of service over the network. The related connected Intel advisory INTEL-SA-00295...

4.9CVSS6AI score0.01587EPSS
CVE
CVE
added 2020/06/15 1:59 p.m.87 views

CVE-2020-0597

CVE-2020-0597 involves an out-of-bounds read in the IPv6 subsystem of Intel AMT/ISM. Intel’s advisory indicates that versions before 14.0.33 are affected, and an unauthenticated remote attacker could potentially trigger a denial-of-service via network access. The issue maps to the Treck/INTEL-SA-...

7.5CVSS8.2AI score0.02952EPSS
CVE
CVE
added 2020/06/15 1:59 p.m.83 views

CVE-2020-0532

CVE-2020-0532 affects Intel AMT (and related CSME components) due to improper input validation in the AMT subsystem, allowing an unauthenticated user to potentially cause denial of service or information disclosure via adjacent network access. Affected versions are before 11.8.77, 11.12.77, 11.22...

7.1CVSS7.1AI score0.00645EPSS
CVE
CVE
added 2019/12/18 9:9 p.m.82 views

CVE-2019-11107

CVE-2019-11107 : Affects Intel AMT subsystem; insufficient input validation before version 12.0.45 may allow an unauthenticated user to escalate privileges via network access. Public details specify the vulnerable condition and impact as described by NVD entry for CVE-2019-11107. The connected Ne...

9.8CVSS9.5AI score0.01568EPSS
CVE
CVE
added 2019/12/18 9:9 p.m.80 views

CVE-2019-11100

CVE-2019-11100 corresponds to an Intel AMT subsystem vulnerability due to insufficient input validation that could allow information disclosure by an unauthenticated user with physical access. Affected firmware versions include AMT before 11.8.70, 11.11.70, 11.22.70, and 12.0.45. Multiple connect...

4.6CVSS6.1AI score0.00358EPSS
CVE
CVE
added 2018/07/10 9:0 p.m.78 views

CVE-2018-3629

CVE-2018-3629 is a buffer overflow in the event handler of Intel Active Management Technology (AMT) within the Intel Converged Security Manageability Engine (CSME) firmware, affecting 3.x–11.x series. The vulnerability can enable a denial-of-service via the same subnet. Intel’s INTEL-SA-00112 adv...

6.5CVSS7.2AI score0.00985EPSS
CVE
CVE
added 2018/07/10 9:0 p.m.76 views

CVE-2018-3632

CVE-2018-3632 describes memory corruption in Intel Active Management Technology (AMT) within the Intel Converged Security and Manageability Engine (CSME) firmware, affecting versions 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x (including 11.0, 11.5, 11.6, 11.7, 11.10, 11.20). An attacker with local admini...

7.2CVSS7.4AI score0.00391EPSS
CVE
CVE
added 2017/11/21 2:0 p.m.74 views

CVE-2017-5711

CVE-2017-5711 covers multiple buffer overflows in Intel Manageability Engine Firmware AMT (8.x/9.x/10.x/11.x.0/11.5/11.6/11.7/11.10/11.20). The vulnerability allows a local attacker to execute arbitrary code with AMT execution privilege via the AMT component. Affected component: Intel AMT/ME firm...

7.8CVSS7.4AI score0.00568EPSS
CVE
CVE
added 2020/06/15 2:0 p.m.74 views

CVE-2020-0535

CVE-2020-0535 is part of Intel AMT/CSME family vulnerabilities described in INTEL-SA-00295. The issue is improper input validation in Intel AMT versions prior to 11.8.76/11.12.77/11.22.77/12.0.64 that can allow an unauthenticated user to potentially disclose information over the network. The Inte...

5.3CVSS5.3AI score0.01646EPSS
CVE
CVE
added 2020/06/15 1:58 p.m.73 views

CVE-2020-0538

CVE-2020-0538 describes an input validation flaw in the Intel AMT/CSME subsystem (and related AMP/DM components) that, on Intel AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64, may allow an unauthenticated attacker to cause a denial of service over the network. Connected documents cor...

7.5CVSS7.7AI score0.0231EPSS
CVE
CVE
added 2020/06/15 2:0 p.m.73 views

CVE-2020-8674

CVE-2020-8674 is an out-of-bounds read in the DHCPv6 subsystem of Intel AMT/ISM (Intel CSME/ISM/AMT) versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33. An unauthenticated attacker could potentially disclose information over the network. The issue is part of Intel’s broader INTEL-SA...

5.3CVSS6.6AI score0.01789EPSS
CVE
CVE
added 2020/06/15 2:0 p.m.72 views

CVE-2020-0540

The CVE-2020-0540 entry concerns Intel AMT/CSME family vulnerabilities where credentials were insufficiently protected in AMT/CSME versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64, enabling unauthenticated information disclosure over the network. Connected Intel advisory INTEL-SA-00295 and...

7.5CVSS7.5AI score0.01972EPSS
Total number of security vulnerabilities54