CVE-2017-5689
Published: 02 May 2017
Summary
CVE-2017-5689 is a critical-severity Improper Privilege Management (CWE-269) vulnerability in Intel Active Management Technology Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2017-5689 is an improper privilege management vulnerability affecting Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) manageability SKUs. It permits unauthorized provisioning or elevation on systems where these features are present, with a CVSS 3.1 base score of 9.8 reflecting network-accessible attack vectors without authentication requirements.
An unprivileged network attacker can obtain full system privileges on already-provisioned AMT or ISM instances, while an unprivileged local attacker can enable manageability features to acquire network or local system access across AMT, ISM, and SBT SKUs.
Public advisories reference mitigation steps in the Intel SA-00075 Mitigation Guide along with vendor bulletins from Oracle, Siemens, and SecurityTracker that direct administrators to firmware updates, configuration changes, or disabling of the affected manageability interfaces. No information on observed in-the-wild exploitation is supplied in the source data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-14766
Vulnerability details
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel…
more
manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
- CWE(s)
- KEV Date Added
- 28 January 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces approved authorizations for logical access to Intel AMT/ISM/SBT interfaces, blocking the unauthorized provisioning and privilege elevation described in CVE-2017-5689.
Limits privileges assigned to network and local users so that unprivileged attackers cannot obtain system-level access via the flawed manageability SKUs.
Restricts activation and exposure of non-essential AMT/ISM/SBT features, directly supporting the firmware-update and interface-disable mitigations in the Intel SA-00075 guide.