Sign-up

ID

VAR-201711-0644


CVE

CVE-2017-5705


TITLE

Intel Manageability Engine Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: e2e09270-39ab-11e9-9930-000c29342cb1 // CNVD: CNVD-2017-37849

DESCRIPTION

Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. Intel Manageability Engine The Intel Management Engine is Intel's thermal management driver for its desktop family of chipsets. Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Intel Xeon Processor E3-1200 and others are CPUs (Central Processing Units) of Intel Corporation. The following products and versions are affected: Intel Manageability Engine Firmware Version 11.0, Version 11.5, Version 11.6, Version 11.7, Version 11.10, Version 11.20; 6th, 7th, and 8th Generation Intel Core Processor Family; Intel Xeon Processor E3-1200 v5 and v6 Product Family; Intel Xeon Processor Scalable Family; Intel Xeon Processor W Family; Intel Atom C3000 Processor Family; Apollo Lake Intel Atom Processor E3900 series; Apollo Lake Intel Pentium; Celeron N and J series Processors

Trust: 2.7

sources: NVD: CVE-2017-5705 // JVNDB: JVNDB-2017-010519 // CNVD: CNVD-2017-37849 // BID: 101917 // IVD: e2e09270-39ab-11e9-9930-000c29342cb1 // VULHUB: VHN-113908

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2e09270-39ab-11e9-9930-000c29342cb1 // CNVD: CNVD-2017-37849

AFFECTED PRODUCTS

vendor:intelmodel:manageability enginescope:eqversion:11.7

Trust: 3.3

vendor:intelmodel:manageability enginescope:eqversion:11.6

Trust: 3.3

vendor:intelmodel:manageability enginescope:eqversion:11.5

Trust: 3.3

vendor:intelmodel:manageability enginescope:eqversion:11.20

Trust: 3.3

vendor:intelmodel:manageability enginescope:eqversion:11.10

Trust: 3.3

vendor:intelmodel:manageability enginescope:eqversion:11.0

Trust: 3.3

vendor:manageability enginemodel: - scope:eqversion:11.0

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.5

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.6

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.7

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.10

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.20

Trust: 0.2

sources: IVD: e2e09270-39ab-11e9-9930-000c29342cb1 // CNVD: CNVD-2017-37849 // BID: 101917 // JVNDB: JVNDB-2017-010519 // CNNVD: CNNVD-201711-887 // NVD: CVE-2017-5705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5705
value: HIGH

Trust: 1.0

NVD: CVE-2017-5705
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37849
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-887
value: HIGH

Trust: 0.6

IVD: e2e09270-39ab-11e9-9930-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-113908
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5705
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37849
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e09270-39ab-11e9-9930-000c29342cb1
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-113908
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5705
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e09270-39ab-11e9-9930-000c29342cb1 // CNVD: CNVD-2017-37849 // VULHUB: VHN-113908 // JVNDB: JVNDB-2017-010519 // CNNVD: CNNVD-201711-887 // NVD: CVE-2017-5705

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-113908 // JVNDB: JVNDB-2017-010519 // NVD: CVE-2017-5705

THREAT TYPE

local

Trust: 0.9

sources: BID: 101917 // CNNVD: CNNVD-201711-887

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: e2e09270-39ab-11e9-9930-000c29342cb1 // CNNVD: CNNVD-201711-887

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010519

PATCH
title:INTEL-SA-00086url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Trust: 0.8
title:NTAP-20171120-0001url:https://security.netapp.com/advisory/ntap-20171120-0001/
Trust: 0.8
title:Patch for Intel Manageability Engine Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/111461
Trust: 0.6
title:Multiple Intel product Manageability Engine Firmware Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76619
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37849 // 
            
            
            
            JVNDB: JVNDB-2017-010519 // 
            
            
            
            CNNVD: CNNVD-201711-887

EXTERNAL IDS
db:NVDid:CVE-2017-5705
Trust: 3.6
db:BIDid:101917
Trust: 2.0
db:SECTRACKid:1039852
Trust: 1.1
db:SIEMENSid:SSA-892715
Trust: 1.1
db:CNNVDid:CNNVD-201711-887
Trust: 0.9
db:CNVDid:CNVD-2017-37849
Trust: 0.8
db:ICS CERTid:ICSA-18-060-01
Trust: 0.8
db:JVNDBid:JVNDB-2017-010519
Trust: 0.8
db:IVDid:E2E09270-39AB-11E9-9930-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-113908
Trust: 0.1
sources:
            
            
            IVD: e2e09270-39ab-11e9-9930-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2017-37849 // 
            
            
            
            VULHUB: VHN-113908 // 
            
            
            
            BID: 101917 // 
            
            
            
            JVNDB: JVNDB-2017-010519 // 
            
            
            
            CNNVD: CNNVD-201711-887 // 
            
            
            
            NVD: CVE-2017-5705

REFERENCES
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr
Trust: 2.5
url:http://www.securityfocus.com/bid/101917
Trust: 1.1
url:https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
Trust: 1.1
url:https://security.netapp.com/advisory/ntap-20171120-0001/
Trust: 1.1
url:https://www.asus.com/news/wzeltg5cjyaiwgj0
Trust: 1.1
url:https://www.synology.com/support/security/synology_sa_17_73
Trust: 1.1
url:https://twitter.com/ptsecurity_uk/status/938447926128291842
Trust: 1.1
url:http://www.securitytracker.com/id/1039852
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5705
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-18-060-01
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5705
Trust: 0.8
url:http://www.intel.com/content/www/us/en/homepage.html
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37849 // 
            
            
            
            VULHUB: VHN-113908 // 
            
            
            
            BID: 101917 // 
            
            
            
            JVNDB: JVNDB-2017-010519 // 
            
            
            
            CNNVD: CNNVD-201711-887 // 
            
            
            
            NVD: CVE-2017-5705

CREDITS
Mark Ermolov and Maxim Goryachy from Positive Technologies
Trust: 0.3
sources:
            
            
            BID: 101917

SOURCES
db:IVDid:e2e09270-39ab-11e9-9930-000c29342cb1
db:CNVDid:CNVD-2017-37849
db:VULHUBid:VHN-113908
db:BIDid:101917
db:JVNDBid:JVNDB-2017-010519
db:CNNVDid:CNNVD-201711-887
db:NVDid:CVE-2017-5705

LAST UPDATE DATE
2024-11-23T21:53:37.899000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-37849date:2017-12-22T00:00:00
db:VULHUBid:VHN-113908date:2018-05-11T00:00:00
db:BIDid:101917date:2017-12-19T22:37:00
db:JVNDBid:JVNDB-2017-010519date:2019-07-10T00:00:00
db:CNNVDid:CNNVD-201711-887date:2017-11-22T00:00:00
db:NVDid:CVE-2017-5705date:2024-11-21T03:28:15.513

SOURCES RELEASE DATE
db:IVDid:e2e09270-39ab-11e9-9930-000c29342cb1date:2017-12-22T00:00:00
db:CNVDid:CNVD-2017-37849date:2017-12-25T00:00:00
db:VULHUBid:VHN-113908date:2017-11-21T00:00:00
db:BIDid:101917date:2017-11-20T00:00:00
db:JVNDBid:JVNDB-2017-010519date:2017-12-18T00:00:00
db:CNNVDid:CNNVD-201711-887date:2017-11-22T00:00:00
db:NVDid:CVE-2017-5705date:2017-11-21T14:29:00.290