Details of VAR-201711-0647

ID

VAR-201711-0647

CVE

CVE-2017-5708

TITLE

Intel Manageability Engine Firmware Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-010522

DESCRIPTION

Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector. Intel Manageability Engine Firmware Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Manageability Engine The Intel Management Engine is Intel's thermal management driver for its desktop family of chipsets. An attacker could exploit the vulnerability to access privileged content. Intel Xeon Processor E3-1200 and others are CPUs (Central Processing Units) of Intel Corporation. kernel is one of the kernels. The following products and versions are affected: Intel Manageability Engine Firmware Firmware Version 11.0, Version 11.5, Version 11.6, Version 11.7, Version 11.10, Version 11.20; 6th, 7th, and 8th Generation Intel Core Processor Family; Intel Xeon Processor E3-1200 v5 and v6 Product Family; Intel Xeon Processor Scalable Family; Intel Xeon Processor W Family; Intel Atom C3000 Processor Family; Apollo Lake Intel Atom Processor E3900 series; Apollo Lake Intel Pentium; Celeron N and J series Processors

Trust: 2.7

sources: NVD: CVE-2017-5708 // JVNDB: JVNDB-2017-010522 // CNVD: CNVD-2017-37850 // BID: 101921 // IVD: e2e04452-39ab-11e9-bf1e-000c29342cb1 // VULHUB: VHN-113911

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e04452-39ab-11e9-bf1e-000c29342cb1 // CNVD: CNVD-2017-37850

AFFECTED PRODUCTS

vendor:	intel	model:	manageability engine	scope:	eq	version:	11.7	Trust: 3.3
vendor:	intel	model:	manageability engine	scope:	eq	version:	11.6	Trust: 3.3
vendor:	intel	model:	manageability engine	scope:	eq	version:	11.5	Trust: 3.3
vendor:	intel	model:	manageability engine	scope:	eq	version:	11.20	Trust: 3.3
vendor:	intel	model:	manageability engine	scope:	eq	version:	11.10	Trust: 3.3
vendor:	intel	model:	manageability engine	scope:	eq	version:	11.0	Trust: 3.3
vendor:	manageability engine	model:	-	scope:	eq	version:	11.0	Trust: 0.2
vendor:	manageability engine	model:	-	scope:	eq	version:	11.5	Trust: 0.2
vendor:	manageability engine	model:	-	scope:	eq	version:	11.6	Trust: 0.2
vendor:	manageability engine	model:	-	scope:	eq	version:	11.7	Trust: 0.2
vendor:	manageability engine	model:	-	scope:	eq	version:	11.10	Trust: 0.2
vendor:	manageability engine	model:	-	scope:	eq	version:	11.20	Trust: 0.2

sources: IVD: e2e04452-39ab-11e9-bf1e-000c29342cb1 // CNVD: CNVD-2017-37850 // BID: 101921 // JVNDB: JVNDB-2017-010522 // CNNVD: CNNVD-201711-884 // NVD: CVE-2017-5708

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-5708
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-5708
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-37850
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201711-884
value:	HIGH
Trust: 0.6
IVD:	e2e04452-39ab-11e9-bf1e-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-113911
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-5708
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-37850
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e04452-39ab-11e9-bf1e-000c29342cb1
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-113911
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-5708
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2e04452-39ab-11e9-bf1e-000c29342cb1 // CNVD: CNVD-2017-37850 // VULHUB: VHN-113911 // JVNDB: JVNDB-2017-010522 // CNNVD: CNNVD-201711-884 // NVD: CVE-2017-5708

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-113911 // JVNDB: JVNDB-2017-010522 // NVD: CVE-2017-5708

THREAT TYPE

local

Trust: 0.9

sources: BID: 101921 // CNNVD: CNNVD-201711-884

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-884

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010522

PATCH

title:	INTEL-SA-00086	url:	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr	Trust: 0.8
title:	NTAP-20171120-0001	url:	https://security.netapp.com/advisory/ntap-20171120-0001/	Trust: 0.8
title:	Intel Manageability Engine has multiple patches for local privilege escalation vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/111459	Trust: 0.6
title:	Multiple Intel product Manageability Engine Firmware Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76616	Trust: 0.6

sources: CNVD: CNVD-2017-37850 // JVNDB: JVNDB-2017-010522 // CNNVD: CNNVD-201711-884

EXTERNAL IDS

db:	NVD	id:	CVE-2017-5708	Trust: 3.6
db:	BID	id:	101921	Trust: 2.6
db:	SECTRACK	id:	1039852	Trust: 1.7
db:	SIEMENS	id:	SSA-892715	Trust: 1.7
db:	CNNVD	id:	CNNVD-201711-884	Trust: 0.9
db:	CNVD	id:	CNVD-2017-37850	Trust: 0.8
db:	ICS CERT	id:	ICSA-18-060-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-010522	Trust: 0.8
db:	IVD	id:	E2E04452-39AB-11E9-BF1E-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-113911	Trust: 0.1

sources: IVD: e2e04452-39ab-11e9-bf1e-000c29342cb1 // CNVD: CNVD-2017-37850 // VULHUB: VHN-113911 // BID: 101921 // JVNDB: JVNDB-2017-010522 // CNNVD: CNNVD-201711-884 // NVD: CVE-2017-5708

REFERENCES

url:	https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr	Trust: 2.5
url:	http://www.securityfocus.com/bid/101921	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20171120-0001/	Trust: 1.7
url:	https://www.asus.com/news/wzeltg5cjyaiwgj0	Trust: 1.7
url:	https://www.synology.com/support/security/synology_sa_17_73	Trust: 1.7
url:	http://www.securitytracker.com/id/1039852	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5708	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-18-060-01	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-5708	Trust: 0.8
url:	http://www.intel.com/content/www/us/en/homepage.html	Trust: 0.3
url:	https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr	Trust: 0.1

sources: CNVD: CNVD-2017-37850 // VULHUB: VHN-113911 // BID: 101921 // JVNDB: JVNDB-2017-010522 // CNNVD: CNNVD-201711-884 // NVD: CVE-2017-5708

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101921

SOURCES

db:	IVD	id:	e2e04452-39ab-11e9-bf1e-000c29342cb1
db:	CNVD	id:	CNVD-2017-37850
db:	VULHUB	id:	VHN-113911
db:	BID	id:	101921
db:	JVNDB	id:	JVNDB-2017-010522
db:	CNNVD	id:	CNNVD-201711-884
db:	NVD	id:	CVE-2017-5708

LAST UPDATE DATE

2024-11-23T21:53:37.857000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-37850	date:	2017-12-22T00:00:00
db:	VULHUB	id:	VHN-113911	date:	2019-10-03T00:00:00
db:	BID	id:	101921	date:	2017-12-19T22:37:00
db:	JVNDB	id:	JVNDB-2017-010522	date:	2019-07-10T00:00:00
db:	CNNVD	id:	CNNVD-201711-884	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-5708	date:	2024-11-21T03:28:15.910

SOURCES RELEASE DATE

db:	IVD	id:	e2e04452-39ab-11e9-bf1e-000c29342cb1	date:	2017-12-22T00:00:00
db:	CNVD	id:	CNVD-2017-37850	date:	2017-12-22T00:00:00
db:	VULHUB	id:	VHN-113911	date:	2017-11-21T00:00:00
db:	BID	id:	101921	date:	2017-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-010522	date:	2017-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201711-884	date:	2017-11-22T00:00:00
db:	NVD	id:	CVE-2017-5708	date:	2017-11-21T14:29:00.400