Sign-up

ID

VAR-201711-0651


CVE

CVE-2017-5712


TITLE

Intel Manageability Engine Firmware of Active Management Technology Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010525

DESCRIPTION

Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege. Intel Manageability Engine The Intel Management Engine is Intel's thermal management driver for its desktop family of chipsets. Failed exploits may result in denial-of-service conditions. Intel Manageability Engine versions 8.x, 9.x, 10.x, 11.0,11.5, 11.6, 11.7, 11.10, and 11.20 are vulnerable. Intel Xeon Processor E3-1200 and others are CPUs (Central Processing Units) of Intel Corporation. Active Management Technology (AMT) is one of the active management components. The following products and firmware are affected: Intel Manageability Engine Firmware Version 8.x, Version 9.x, Version 10.x, Version 11.0, Version 11.5, Version 11.6, Version 11.7, Version 11.10, Version 11.20; Intel 6th, 7th and 8th Generation Intel Core Processor Family; Intel Xeon Processor E3-1200 v5 and v6 Product Family; Intel Xeon Processor Scalable Family; Intel Xeon Processor W Family; Intel Atom C3000 Processor Family; Apollo Lake Intel Atom Processor E3900 series; Apollo Lake Intel Pentium; Celeron N and J series Processors

Trust: 2.7

sources: NVD: CVE-2017-5712 // JVNDB: JVNDB-2017-010525 // CNVD: CNVD-2017-37852 // BID: 101920 // IVD: e2e06b61-39ab-11e9-9e0b-000c29342cb1 // VULHUB: VHN-113915

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2e06b61-39ab-11e9-9e0b-000c29342cb1 // CNVD: CNVD-2017-37852

AFFECTED PRODUCTS

vendor:intelmodel:manageability enginescope:eqversion:11.7

Trust: 2.5

vendor:intelmodel:manageability enginescope:eqversion:11.6

Trust: 2.5

vendor:intelmodel:manageability enginescope:eqversion:11.5

Trust: 2.5

vendor:intelmodel:manageability enginescope:eqversion:11.20

Trust: 2.5

vendor:intelmodel:manageability enginescope:eqversion:11.10

Trust: 2.5

vendor:intelmodel:manageability enginescope:eqversion:11.0

Trust: 2.5

vendor:intelmodel:active management technologyscope:eqversion: -

Trust: 1.6

vendor:asusmodel:z170 pro gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b150-v7scope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b150m-v5scope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250m-cscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-p d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b250m-v5scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus ix heroscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc847cscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:asusmodel:prime h110m-pscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simotion p320-4sscope:ltversion:17.02.06.83.1

Trust: 1.0

vendor:asusmodel:rog maximus x heroscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime h270-proscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime q270m-cscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150-proscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h170-pro\/usb 3.1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-k d3scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic field pg m3scope:ltversion:6.2.61.3535

Trust: 1.0

vendor:asusmodel:h170i-proscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime z270-pscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b250m-f plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:q170tscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-cs xscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime h110m2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:b250m-c proscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-v plusscope:eqversion: -

Trust: 1.0

vendor:intelmodel:manageability enginescope:gteversion:10.0.0.0

Trust: 1.0

vendor:asusmodel:h110m-tsscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix b250h gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:tuf z370-pro gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-ks r1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150i pro gaming\/wifi\/aurascope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110tscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus x apexscope:eqversion: -

Trust: 1.0

vendor:asusmodel:trooper h110 d3scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc547escope:ltversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:rog maximus viii rangerscope:eqversion: -

Trust: 1.0

vendor:intelmodel:manageability enginescope:gteversion:9.0.0.0

Trust: 1.0

vendor:asusmodel:b150m-f plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250m-kscope:eqversion: -

Trust: 1.0

vendor:asusmodel:sabertooth z170 sscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-c\/brscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc547dscope:ltversion:7.1.91.3272

Trust: 1.0

vendor:asusmodel:prime z370-pscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-c d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:q270m-cm-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z270g gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-p\/dviscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:sabertooth z170 mark 1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250-proscope:eqversion: -

Trust: 1.0

vendor:intelmodel:manageability enginescope:gteversion:8.0.0.0

Trust: 1.0

vendor:asusmodel:trooper b150 d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-cs\/brscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h170m-plus\/brscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:sinumerik pcu50.5-pscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:asusmodel:prime z270-kscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc477escope:ltversion:21.01.07

Trust: 1.0

vendor:asusmodel:h170m-e d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150 pro gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-c2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus viii extremescope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-plus d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-fscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h170-proscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-escope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix h270f gamingscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc827cscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:asusmodel:h110m-c2\/tfscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150-plusscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc477d proscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc847dscope:ltversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:b250 mining expertscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170 pro gaming\/aurascope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix b250i gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170i pro gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-cscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-csscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-dscope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b250-v7scope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b150m-v3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-d\/exper\/siscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime z270m-plus\/brscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-c\/hdmiscope:eqversion: -

Trust: 1.0

vendor:asusmodel:tuf z370-plus gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:pio-b250iscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-a\/m.2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-e\/m.2scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc677dscope:ltversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:ex-h110m-v3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150 pro gaming\/aurascope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus ix codescope:eqversion: -

Trust: 1.0

vendor:asusmodel:q170t v2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-pscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime h270m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-proscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z270h gaming\/k1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z370-i gamingscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc627dscope:ltversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:b150m pro gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-premiumscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250m-dscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-a\/m.2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime z270m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-a d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170m-plus\/brscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-kscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z370-e gamingscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc647dscope:ltversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:b150m-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:b250-mrscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic field pg m4scope:ltversion:18.01.06

Trust: 1.0

vendor:asusmodel:q270-sscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime h110m2\/fptscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250m-plus\/brscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150 pro gaming d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus ix formulascope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc427dscope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b250m-vscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc827dscope:ltversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:prime h270-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus ix extremescope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b250m-v3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix h270i gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime z270-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-c\/psscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-a d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime z270-arscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110i-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime z370-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:b250-sscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z370-h gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-ksscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic itp1000scope:ltversion:23.01.03

Trust: 1.0

vendor:asusmodel:q170m-cm-bscope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-dscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus viii impactscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z270h gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z370-g gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-cscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z270i gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170m-e d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix b250g gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-ascope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc677cscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:siemensmodel:simatic ipc477dscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z370-f gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-a\/dpscope:eqversion: -

Trust: 1.0

vendor:asusmodel:tuf z270 mark 1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus viii heroscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus x formulascope:eqversion: -

Trust: 1.0

vendor:asusmodel:q170m2\/cdm\/siscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-kscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h170 pro gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-b150m-vscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110s2scope:eqversion: -

Trust: 1.0

vendor:intelmodel:manageability enginescope:lteversion:8.1.71.3608

Trust: 1.0

vendor:asusmodel:rog maximus viii hero alphascope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150m-k d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150i pro gaming\/aurascope:eqversion: -

Trust: 1.0

vendor:asusmodel:q170m-cscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h170-plus d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:pio-b150mscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h170m-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus x codescope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-deluxescope:eqversion: -

Trust: 1.0

vendor:intelmodel:manageability enginescope:lteversion:9.1.41.3024

Trust: 1.0

vendor:asusmodel:prime b250m-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:b150-pro d3scope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime j3355i-cscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus viii formulascope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus viii genescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc647cscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:siemensmodel:simatic ipc427escope:ltversion:21.01.07

Trust: 1.0

vendor:asusmodel:prime b250m-jscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z270e gamingscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:sinumerik pcu50.5-cscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:asusmodel:h110m-rscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic field pg m5scope:ltversion:22.01.04

Trust: 1.0

vendor:intelmodel:manageability enginescope:lteversion:10.0.55.3000

Trust: 1.0

vendor:asusmodel:h110s1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix z270f gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:ex-h110m-vscope:eqversion: -

Trust: 1.0

vendor:asusmodel:q170s1scope:eqversion: -

Trust: 1.0

vendor:asusmodel:q170m2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-kscope:eqversion: -

Trust: 1.0

vendor:asusmodel:z170-arscope:eqversion: -

Trust: 1.0

vendor:asusmodel:tuf z270 mark 2scope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-c\/brscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-k xscope:eqversion: -

Trust: 1.0

vendor:asusmodel:prime b250-plusscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog maximus ix apexscope:eqversion: -

Trust: 1.0

vendor:asusmodel:rog strix b250f gamingscope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110t-ascope:eqversion: -

Trust: 1.0

vendor:asusmodel:h110m-escope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic ipc627cscope:ltversion:6.2.61.3535

Trust: 1.0

vendor:intelmodel:manageability enginescope:eqversion:9.0

Trust: 0.9

vendor:intelmodel:manageability enginescope:eqversion:8.0

Trust: 0.9

vendor:intelmodel:manageability enginescope:eqversion:10.0

Trust: 0.9

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:manageability enginescope: - version: -

Trust: 0.8

vendor:manageability enginemodel: - scope:eqversion:*

Trust: 0.6

vendor:manageability enginemodel: - scope:eqversion:11.0

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.5

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.6

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.7

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.10

Trust: 0.2

vendor:manageability enginemodel: - scope:eqversion:11.20

Trust: 0.2

vendor:active managementmodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: e2e06b61-39ab-11e9-9e0b-000c29342cb1 // CNVD: CNVD-2017-37852 // BID: 101920 // JVNDB: JVNDB-2017-010525 // CNNVD: CNNVD-201711-880 // NVD: CVE-2017-5712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5712
value: HIGH

Trust: 1.0

NVD: CVE-2017-5712
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37852
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-880
value: HIGH

Trust: 0.6

IVD: e2e06b61-39ab-11e9-9e0b-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-113915
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5712
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37852
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e06b61-39ab-11e9-9e0b-000c29342cb1
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-113915
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5712
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-5712
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e2e06b61-39ab-11e9-9e0b-000c29342cb1 // CNVD: CNVD-2017-37852 // VULHUB: VHN-113915 // JVNDB: JVNDB-2017-010525 // CNNVD: CNNVD-201711-880 // NVD: CVE-2017-5712

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-113915 // JVNDB: JVNDB-2017-010525 // NVD: CVE-2017-5712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-880

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201711-880

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010525

PATCH
title:INTEL-SA-00086url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Trust: 0.8
title:NTAP-20171120-0001url:https://security.netapp.com/advisory/ntap-20171120-0001/
Trust: 0.8
title:Patch for Intel Manageability Engine Buffer Overflow Vulnerability (CNVD-2017-37852)url:https://www.cnvd.org.cn/patchInfo/show/111453
Trust: 0.6
title:Multiple Intel product Intel Manageability Engine Firmware Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=76612
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-37852 // 
            
            
            
            JVNDB: JVNDB-2017-010525 // 
            
            
            
            CNNVD: CNNVD-201711-880

EXTERNAL IDS
db:NVDid:CVE-2017-5712
Trust: 3.6
db:BIDid:101920
Trust: 2.6
db:SECTRACKid:1039852
Trust: 1.7
db:SIEMENSid:SSA-892715
Trust: 1.7
db:CNNVDid:CNNVD-201711-880
Trust: 0.9
db:CNVDid:CNVD-2017-37852
Trust: 0.8
db:ICS CERTid:ICSA-18-060-01
Trust: 0.8
db:JVNDBid:JVNDB-2017-010525
Trust: 0.8
db:IVDid:E2E06B61-39AB-11E9-9E0B-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-113915
Trust: 0.1
sources:
            
            
            IVD: e2e06b61-39ab-11e9-9e0b-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2017-37852 // 
            
            
            
            VULHUB: VHN-113915 // 
            
            
            
            BID: 101920 // 
            
            
            
            JVNDB: JVNDB-2017-010525 // 
            
            
            
            CNNVD: CNNVD-201711-880 // 
            
            
            
            NVD: CVE-2017-5712

REFERENCES
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr
Trust: 2.5
url:http://www.securityfocus.com/bid/101920
Trust: 1.7
url:https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
Trust: 1.7
url:https://security.netapp.com/advisory/ntap-20171120-0001/
Trust: 1.7
url:https://www.asus.com/news/wzeltg5cjyaiwgj0
Trust: 1.7
url:http://www.securitytracker.com/id/1039852
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5712
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-18-060-01
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-5712
Trust: 0.8
url:http://www.intel.com/content/www/us/en/homepage.html
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-37852 // 
            
            
            
            VULHUB: VHN-113915 // 
            
            
            
            BID: 101920 // 
            
            
            
            JVNDB: JVNDB-2017-010525 // 
            
            
            
            CNNVD: CNNVD-201711-880 // 
            
            
            
            NVD: CVE-2017-5712

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 101920

SOURCES
db:IVDid:e2e06b61-39ab-11e9-9e0b-000c29342cb1
db:CNVDid:CNVD-2017-37852
db:VULHUBid:VHN-113915
db:BIDid:101920
db:JVNDBid:JVNDB-2017-010525
db:CNNVDid:CNNVD-201711-880
db:NVDid:CVE-2017-5712

LAST UPDATE DATE
2024-08-14T13:29:32.541000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-37852date:2017-12-22T00:00:00
db:VULHUBid:VHN-113915date:2018-05-11T00:00:00
db:BIDid:101920date:2017-12-19T22:00:00
db:JVNDBid:JVNDB-2017-010525date:2019-07-10T00:00:00
db:CNNVDid:CNNVD-201711-880date:2023-05-23T00:00:00
db:NVDid:CVE-2017-5712date:2023-05-22T16:18:54.070

SOURCES RELEASE DATE
db:IVDid:e2e06b61-39ab-11e9-9e0b-000c29342cb1date:2017-12-22T00:00:00
db:CNVDid:CNVD-2017-37852date:2017-12-22T00:00:00
db:VULHUBid:VHN-113915date:2017-11-21T00:00:00
db:BIDid:101920date:2017-11-20T00:00:00
db:JVNDBid:JVNDB-2017-010525date:2017-12-18T00:00:00
db:CNNVDid:CNNVD-201711-880date:2017-11-24T00:00:00
db:NVDid:CVE-2017-5712date:2017-11-21T14:29:00.540