PT-2017-3129 · Intel · Intel Manageability Engine Firmware

Jann Horn

Published

2017-11-20

Updated

2019-10-03

CVE-2017-5708

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Intel Manageability Engine Firmware versions 11.0 through 11.20

Description The issue concerns multiple privilege escalations in the kernel of Intel Manageability Engine Firmware, allowing unauthorized processes to access privileged content. This is reportedly due to buffer overflow and insufficient access control measures. Exploitation of these issues could enable an attacker to elevate their privileges.

Recommendations For Intel Manageability Engine Firmware versions 11.0 through 11.20, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2017-02529

CVE-2017-5708

Affected Products

Intel Manageability Engine Firmware

PT-2017-3129 · Intel · Intel Manageability Engine Firmware

CVE-2017-5708

Weakness Enumeration

Related Identifiers

Affected Products

References · 11