CVE-2017-5698 - Vulnerability Details

Vendors	Products
Intel	Active Management Technology Firmware Manageability Engine Firmware Small Business Technology Firmware

Link	Providers
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology", "vendor": "Intel Corporation", "versions": [{"status": "affected", "version": "version 11.0.25.3001 and 11.0.26.3000"}]}], "datePublic": "2017-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."}], "problemTypes": [{"descriptions": [{"description": "Escalation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T19:57:01", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "DATE_PUBLIC": "2017-09-28T00:00:00", "ID": "CVE-2017-5698", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology", "version": {"version_data": [{"version_value": "version 11.0.25.3001 and 11.0.26.3000"}]}}]}, "vendor_name": "Intel Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Escalation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr", "refsource": "CONFIRM", "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:11:48.556Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2017-5698", "datePublished": "2017-09-05T19:00:00Z", "dateReserved": "2017-02-01T00:00:00", "dateUpdated": "2024-09-16T17:38:42.112Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology (string)

vendor : Intel Corporation (string)

versions : [ »

0 : { »

status : affected (string)

version : version 11.0.25.3001 and 11.0.26.3000 (string)

}

]

}

]

datePublic : 2017-09-28T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Escalation of Privilege (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-09-28T19:57:01 (string)

orgId : 6dda929c-bb53-4a77-a76d-48e79601a1ce (string)

shortName : intel (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@intel.com (string)

DATE_PUBLIC : 2017-09-28T00:00:00 (string)

ID : CVE-2017-5698 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology (string)

version : { »

version_data : [ »

0 : { »

version_value : version 11.0.25.3001 and 11.0.26.3000 (string)

}

]

}

]

}

vendor_name : Intel Corporation (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Escalation of Privilege (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr (string)

refsource : CONFIRM (string)

url : https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T15:11:48.556Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 6dda929c-bb53-4a77-a76d-48e79601a1ce (string)

assignerShortName : intel (string)

cveId : CVE-2017-5698 (string)

datePublished : 2017-09-05T19:00:00Z (string)

dateReserved : 2017-02-01T00:00:00 (string)

dateUpdated : 2024-09-16T17:38:42.112Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:11.0.25.3001:*:*:*:*:*:*:*", "matchCriteriaId": "C58BB0F4-0CC8-4117-9FBD-842F1A2629A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:active_management_technology_firmware:11.0.26.3000:*:*:*:*:*:*:*", "matchCriteriaId": "EDA1C111-F4A6-4191-A649-83B8D7E87920", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:manageability_engine_firmware:11.0.25.3001:*:*:*:*:*:*:*", "matchCriteriaId": "88A6B19B-50BD-4EFE-A707-F3557D05D816", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:manageability_engine_firmware:11.0.26.3000:*:*:*:*:*:*:*", "matchCriteriaId": "6E412DFA-8C90-4C8C-A281-00A344AEF0FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:small_business_technology_firmware:11.0.25.3001:*:*:*:*:*:*:*", "matchCriteriaId": "E975987A-24AC-43B2-8E8D-FCAFF2DFABAC", "vulnerable": true}, {"criteria": "cpe:2.3:o:intel:small_business_technology_firmware:11.0.26.3000:*:*:*:*:*:*:*", "matchCriteriaId": "CF3F2A41-56E9-4648-94B8-FBDFCA43B3D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges."}, {"lang": "es", "value": "El sistema anti-rollback de Intel Active Management Technology, Intel Standard Manageability e Intel Small Business Technology en sus versiones 11.0.25.3001 y 11.0.26.3000 no evita que se actualice el firmware a la versi\u00f3n 11.6.x.1xxx, la cual es vulnerable a CVE-2017-5689. Esto puede llevarlo a cabo un usuario local con privilegios de administrador."}], "id": "CVE-2017-5698", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-05T19:29:00.217", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:intel:active_management_technology_firmware:11.0.25.3001:*:*:*:*:*:*:* (string)

matchCriteriaId : C58BB0F4-0CC8-4117-9FBD-842F1A2629A7 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:intel:active_management_technology_firmware:11.0.26.3000:*:*:*:*:*:*:* (string)

matchCriteriaId : EDA1C111-F4A6-4191-A649-83B8D7E87920 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:intel:manageability_engine_firmware:11.0.25.3001:*:*:*:*:*:*:* (string)

matchCriteriaId : 88A6B19B-50BD-4EFE-A707-F3557D05D816 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:intel:manageability_engine_firmware:11.0.26.3000:*:*:*:*:*:*:* (string)

matchCriteriaId : 6E412DFA-8C90-4C8C-A281-00A344AEF0FE (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:intel:small_business_technology_firmware:11.0.25.3001:*:*:*:*:*:*:* (string)

matchCriteriaId : E975987A-24AC-43B2-8E8D-FCAFF2DFABAC (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:intel:small_business_technology_firmware:11.0.26.3000:*:*:*:*:*:*:* (string)

matchCriteriaId : CF3F2A41-56E9-4648-94B8-FBDFCA43B3D1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges. (string)

}

1 : { »

lang : es (string)

value : El sistema anti-rollback de Intel Active Management Technology, Intel Standard Manageability e Intel Small Business Technology en sus versiones 11.0.25.3001 y 11.0.26.3000 no evita que se actualice el firmware a la versión 11.6.x.1xxx, la cual es vulnerable a CVE-2017-5689. Esto puede llevarlo a cabo un usuario local con privilegios de administrador. (string)

}

]

id : CVE-2017-5698 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.9 (number)

confidentialityImpact : NONE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:L/AC:L/Au:N/C:N/I:C/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 4.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : HIGH (string)

privilegesRequired : HIGH (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 0.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-09-05T19:29:00.217 (string)

references : [ »

0 : { »

source : secure@intel.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00082&languageid=en-fr (string)

}

]

sourceIdentifier : secure@intel.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object