CVE-2017-5698 - OpenCVE

Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:C/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Active Management Technology Firmware Manageability Engine Firmware Small Business Technology Firmware

Configuration 1 [-]

OR	cpe:2.3:o:intel:active_management_technology_firmware:11.0.25.3001:::::::*
	cpe:2.3:o:intel:active_management_technology_firmware:11.0.26.3000:::::::*
	cpe:2.3:o:intel:manageability_engine_firmware:11.0.25.3001:::::::*
	cpe:2.3:o:intel:manageability_engine_firmware:11.0.26.3000:::::::*
	cpe:2.3:o:intel:small_business_technology_firmware:11.0.25.3001:::::::*
	cpe:2.3:o:intel:small_business_technology_firmware:11.0.26.3000:::::::*

No data.

References

Link	Providers
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2017-09-05T19:00:00Z

Updated: 2024-09-16T17:38:42.112Z

Reserved: 2017-02-01T00:00:00

Link: CVE-2017-5698

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-09-05T19:29:00.217

Modified: 2023-08-17T17:43:33.573

Link: CVE-2017-5698

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology", "vendor": "Intel Corporation", "versions": [{"status": "affected", "version": "version 11.0.25.3001 and 11.0.26.3000"}]}], "datePublic": "2017-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."}], "problemTypes": [{"descriptions": [{"description": "Escalation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T19:57:01", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "DATE_PUBLIC": "2017-09-28T00:00:00", "ID": "CVE-2017-5698", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology", "version": {"version_data": [{"version_value": "version 11.0.25.3001 and 11.0.26.3000"}]}}]}, "vendor_name": "Intel Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr", "refsource": "CONFIRM", "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:11:48.556Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2017-5698", "datePublished": "2017-09-05T19:00:00Z", "dateReserved": "2017-02-01T00:00:00", "dateUpdated": "2024-09-16T17:38:42.112Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:11.0.25.3001:*:*:*:*:*:*:*", "matchCriteriaId": "C58BB0F4-0CC8-4117-9FBD-842F1A2629A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:11.0.26.3000:*:*:*:*:*:*:*", "matchCriteriaId": "EDA1C111-F4A6-4191-A649-83B8D7E87920", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:manageability_engine_firmware:11.0.25.3001:*:*:*:*:*:*:*", "matchCriteriaId": "88A6B19B-50BD-4EFE-A707-F3557D05D816", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:manageability_engine_firmware:11.0.26.3000:*:*:*:*:*:*:*", "matchCriteriaId": "6E412DFA-8C90-4C8C-A281-00A344AEF0FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:small_business_technology_firmware:11.0.25.3001:*:*:*:*:*:*:*", "matchCriteriaId": "E975987A-24AC-43B2-8E8D-FCAFF2DFABAC", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:small_business_technology_firmware:11.0.26.3000:*:*:*:*:*:*:*", "matchCriteriaId": "CF3F2A41-56E9-4648-94B8-FBDFCA43B3D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."}, {"lang": "es", "value": "El sistema anti-rollback de Intel Active Management Technology, Intel Standard Manageability e Intel Small Business Technology en sus versiones 11.0.25.3001 y 11.0.26.3000 no evita que se actualice el firmware a la versi\u00f3n 11.6.x.1xxx, la cual es vulnerable a CVE-2017-5689. Esto puede llevarlo a cabo un usuario local con privilegios de administrador."}], "id": "CVE-2017-5698", "lastModified": "2023-08-17T17:43:33.573", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-05T19:29:00.217", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}