CVE-2017-5698 - OpenCVE

Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:C/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Intel	Small Business Technology Firmware Active Management Technology Firmware Manageability Engine Firmware

Configuration 1 [-]

OR	cpe:2.3:o:intel:active_management_technology_firmware:11.0.25.3001:::::::*
	cpe:2.3:o:intel:active_management_technology_firmware:11.0.26.3000:::::::*
	cpe:2.3:o:intel:manageability_engine_firmware:11.0.25.3001:::::::*
	cpe:2.3:o:intel:manageability_engine_firmware:11.0.26.3000:::::::*
	cpe:2.3:o:intel:small_business_technology_firmware:11.0.25.3001:::::::*
	cpe:2.3:o:intel:small_business_technology_firmware:11.0.26.3000:::::::*

References

Link	Resource
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: intel

Published: 2017-09-28T00:00:00

Updated: 2017-09-28T19:57:01

Reserved: 2017-02-01T00:00:00

Link: CVE-2017-5698

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-09-05T19:29:00.217

Modified: 2023-08-17T17:43:33.573

Link: CVE-2017-5698

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology", "vendor": "Intel Corporation", "versions": [{"status": "affected", "version": "version 11.0.25.3001 and 11.0.26.3000"}]}], "datePublic": "2017-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."}], "problemTypes": [{"descriptions": [{"description": "Escalation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T19:57:01", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "DATE_PUBLIC": "2017-09-28T00:00:00", "ID": "CVE-2017-5698", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology", "version": {"version_data": [{"version_value": "version 11.0.25.3001 and 11.0.26.3000"}]}}]}, "vendor_name": "Intel Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr", "refsource": "CONFIRM", "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"}]}}}}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2017-5698", "datePublished": "2017-09-28T00:00:00", "dateReserved": "2017-02-01T00:00:00", "dateUpdated": "2017-09-28T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:11.0.25.3001:*:*:*:*:*:*:*", "matchCriteriaId": "C58BB0F4-0CC8-4117-9FBD-842F1A2629A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:11.0.26.3000:*:*:*:*:*:*:*", "matchCriteriaId": "EDA1C111-F4A6-4191-A649-83B8D7E87920", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:manageability_engine_firmware:11.0.25.3001:*:*:*:*:*:*:*", "matchCriteriaId": "88A6B19B-50BD-4EFE-A707-F3557D05D816", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:manageability_engine_firmware:11.0.26.3000:*:*:*:*:*:*:*", "matchCriteriaId": "6E412DFA-8C90-4C8C-A281-00A344AEF0FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:small_business_technology_firmware:11.0.25.3001:*:*:*:*:*:*:*", "matchCriteriaId": "E975987A-24AC-43B2-8E8D-FCAFF2DFABAC", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:small_business_technology_firmware:11.0.26.3000:*:*:*:*:*:*:*", "matchCriteriaId": "CF3F2A41-56E9-4648-94B8-FBDFCA43B3D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."}, {"lang": "es", "value": "El sistema anti-rollback de Intel Active Management Technology, Intel Standard Manageability e Intel Small Business Technology en sus versiones 11.0.25.3001 y 11.0.26.3000 no evita que se actualice el firmware a la versi\u00f3n 11.6.x.1xxx, la cual es vulnerable a CVE-2017-5689. Esto puede llevarlo a cabo un usuario local con privilegios de administrador."}], "id": "CVE-2017-5698", "lastModified": "2023-08-17T17:43:33.573", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-05T19:29:00.217", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}