CVE-2017-5708 - Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/

CVE-2017-5708

Summary

Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.

References

Vulnerable Configurations

cpe:2.3:o:intel:manageability_engine_firmware:11.0:*:*:*:*:*:*:*
cpe:2.3:o:intel:manageability_engine_firmware:11.0:*:*:*:*:*:*:*
cpe:2.3:o:intel:manageability_engine_firmware:11.5:*:*:*:*:*:*:*
cpe:2.3:o:intel:manageability_engine_firmware:11.5:*:*:*:*:*:*:*
cpe:2.3:o:intel:manageability_engine_firmware:11.6:*:*:*:*:*:*:*
cpe:2.3:o:intel:manageability_engine_firmware:11.6:*:*:*:*:*:*:*
cpe:2.3:o:intel:manageability_engine_firmware:11.7:*:*:*:*:*:*:*
cpe:2.3:o:intel:manageability_engine_firmware:11.7:*:*:*:*:*:*:*
cpe:2.3:o:intel:manageability_engine_firmware:11.10:*:*:*:*:*:*:*
cpe:2.3:o:intel:manageability_engine_firmware:11.10:*:*:*:*:*:*:*
cpe:2.3:o:intel:manageability_engine_firmware:11.20:*:*:*:*:*:*:*
cpe:2.3:o:intel:manageability_engine_firmware:11.20:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	101921
confirm	https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr https://security.netapp.com/advisory/ntap-20171120-0001/ https://www.asus.com/News/wzeltG5CjYaIwGJ0 https://www.synology.com/support/security/Synology_SA_17_73
sectrack	1039852

Last major update

03-10-2019 - 00:03

Published

21-11-2017 - 14:29

Last modified

03-10-2019 - 00:03