Cyber Resilience

CVE-2017-5689

CriticalCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 02 May 2017

Published
02 May 2017
Modified
22 April 2026
KEV Added
28 January 2022
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9419 99.9th percentile
Risk Priority 96 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-5689 is a critical-severity Improper Privilege Management (CWE-269) vulnerability in Intel Active Management Technology Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2017-5689 is an improper privilege management vulnerability affecting Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) manageability SKUs. It permits unauthorized provisioning or elevation on systems where these features are present, with a CVSS 3.1 base score of 9.8 reflecting network-accessible attack vectors without authentication requirements.

An unprivileged network attacker can obtain full system privileges on already-provisioned AMT or ISM instances, while an unprivileged local attacker can enable manageability features to acquire network or local system access across AMT, ISM, and SBT SKUs.

Public advisories reference mitigation steps in the Intel SA-00075 Mitigation Guide along with vendor bulletins from Oracle, Siemens, and SecurityTracker that direct administrators to firmware updates, configuration changes, or disabling of the affected manageability interfaces. No information on observed in-the-wild exploitation is supplied in the source data.

EU & UK References

Vulnerability details

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel…

more

manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

CWE(s)
KEV Date Added
28 January 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

hpe
proliant ml10 gen9 server firmware
5.0
siemens
simatic itp1000 firmware
≤ 9.1.41.3024
siemens
simatic ipc847d firmware
≤ 9.1.41.3024
siemens
simatic ipc847c firmware
≤ 6.2.61.3535
siemens
simatic ipc827d firmware
≤ 9.1.41.3024
siemens
simatic ipc827c firmware
≤ 6.2.61.3535
siemens
simatic ipc677d firmware
≤ 9.1.41.3024 · ≤ 9.1.41.3024
siemens
simatic ipc677c firmware
≤ 6.2.61.3535
siemens
simatic ipc647d firmware
≤ 9.1.41.3024
siemens
simatic ipc647c firmware
≤ 6.2.61.3535
+26 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces approved authorizations for logical access to Intel AMT/ISM/SBT interfaces, blocking the unauthorized provisioning and privilege elevation described in CVE-2017-5689.

prevent

Limits privileges assigned to network and local users so that unprivileged attackers cannot obtain system-level access via the flawed manageability SKUs.

prevent

Restricts activation and exposure of non-essential AMT/ISM/SBT features, directly supporting the firmware-update and interface-disable mitigations in the Intel SA-00075 guide.

References