8 matches found
CVE-2017-5698
CVE-2017-5698 describes an anti-rollback flaw in Intel AMT/ISM/SBT firmware (versions 11.0.25.3001 and 11.0.26.3000) where an upgrade to 11.6.x.1xxx is possible and is vulnerable to CVE-2017-5689, enabling a local administrator to escalate privileges. Connected sources confirm CVE-2017-5689 as a ...
CVE-2017-5712
CVE-2017-5712 is a buffer overflow in Intel Manageability Engine Firmware (AMT) affecting ME/AMT versions 8.x–11.20. The vulnerability allows a remote attacker with Admin access to execute arbitrary code with AMT execution privileges (CVSSv3: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H; base score 7.2). ...
CVE-2017-5705
CVE-2017-5705 (and related CVEs) affects Intel Manageability Engine (ME) firmware: kernel-level buffer overflows in ME 11.x, SPS 4.0, and TXE 3.0 allow local attackers to execute arbitrary code. Siemens’ Update A details mitigations per affected devices and directs updating ME/SPS/TXE firmware to...
CVE-2018-3616
CVE-2018-3616 is a Bleichenbacher-style side-channel vulnerability in the TLS implementation of Intel AMT/CSME firmware prior to 12.0.5. An unauthenticated attacker could potentially obtain the TLS session key over the network. Public-internal sources confirm impact on Intel AMT/CSME (TLS) with C...
CVE-2018-3658
CVE-2018-3658 affects Intel AMT in Intel CSME firmware prior to 12.0.5. The issue is described as multiple memory leaks that may allow an unauthenticated, Intel AMT-provisioned user to cause a partial denial of service over the network. Remediation: upgrade to the latest Intel CSME firmware versi...
CVE-2018-3657
CVE-2018-3657 affects Intel AMT in Intel CSME firmware prior to 12.0.5, enabling a local attacker with high privileges to potentially execute arbitrary code with AMT execution rights via local access. The issue is described across multiple sources (NVD entry and related advisories) with a CVSSv3 ...
CVE-2017-5708
CVE-2017-5708 involves privilege escalations in Intel Manageability Engine Firmware (ME) 11.0/11.5/11.6/11.7/11.10/11.20. An unauthorized process may access privileged content via an unspecified vector. Affected components: ME firmware (and related SPS/TXE stack per Intel-SA-00086). Impact is def...
CVE-2017-5711
CVE-2017-5711 covers multiple buffer overflows in Intel Manageability Engine Firmware AMT (8.x/9.x/10.x/11.x.0/11.5/11.6/11.7/11.10/11.20). The vulnerability allows a local attacker to execute arbitrary code with AMT execution privilege via the AMT component. Affected component: Intel AMT/ME firm...