var-201705-3474
Vulnerability from variot
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). These functions use multiple ports to listen for administrative commands. Intel According to the document AMT Port as web interface for 16992 and 16993 Is used. Also other ports 16994 When 16995 Or 623 When 664 May be used. Intel Documents https://software.intel.com/sites/default/files/article/393789/amt-9-start-here-guide.pdf port 16994 When 16995 https://www.symantec.com/connect/articles/why-must-intel-amt-be-configured-and-what-required Supporting these remote management functions Intel Management Engine In the remote ( Not authenticated ) There is a vulnerability that allows remote management functions to be accessed by a third party. Intel Is a security advisory for this vulnerability (INTEL-SA-00075) And guide for mitigation (INTEL-SA-00075 Mitigation Guide) Offers. Security advisory (INTEL-SA-00075) https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr Mitigation guide (INTEL-SA-00075 Mitigation Guide) https://downloadcenter.intel.com/download/26754 Also, OEM This product may have this remote management function enabled.A remote attacker may gain access to the remote management functions of the system. Intel AMT has a remote authentication bypass vulnerability. Unauthorized users only need to send an empty user_response value to bypass the Intel AMT Web authentication system and use the Keyboard Video Mouse (KVM) feature to remotely control the system for malicious operations. Multiple Intel products are prone to a privilege-escalation vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03754en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03754en_us Version: 1
HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor, Remote Access Restriction Bypass
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-05-26 Last Updated: 2017-05-26
Potential Security Impact: Remote: Access Restriction Bypass
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified in HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor. The vulnerability could be remotely exploited to allow access restriction bypass. Do not attempt to upgrade the ME FW without following the instructions detailed in the Resolution section. Refer to the "Platform Specific Information" section in the Resolution for more specific information on upgrades for specific ProLiant servers.
References:
- CVE-2017-5689
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug 4LFF SATA 300W AP Svr/Promo Gen9
- HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W Svr/S-Buy Gen9
- HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W Perf Svr Gen9
- HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/GO Gen9
- HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/TV Gen9
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-5689
8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following resolution for this issue:
Note: Only the ProLiant Gen9 server detailed in the impacted product information above can be upgraded using the procedure described in this document. Before beginning the upgrade process, the server must have Intel Xeon E3-1200 v5 processors installed. See below for further instructions.
Upgrade to the latest System ROM available for the platform prior to upgrading the ME is required. System ROM will need 1.06 version or later to support this ME firmware.
The system ROM toolkit and firmware image can be found at:
-
BIOS 1.06 (Windows) http://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176&swIte Id=MTX_0a1076f4bf0444a090b09eeb62&swEnvOid=4168#tab1
-
BIOS 1.06 (Linux 6) http://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176&swIte Id=MTX_14bacf35f0844bb696ef65799b&swEnvOid=4103
-
BIOS 1.06 (Linux 7) http://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176&swIte Id=MTX_14bacf35f0844bb696ef65799b&swEnvOid=4176
The ME toolkit and firmware image can be found at:
-
ME 11.6.27.3264 (Windows) http://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176&swIte Id=MTX_359491d72fe04c0f9461fd657d&swEnvOid=4168
-
ME 11.6.27.3264 (UEFI) http://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176&swIte Id=MTX_67a275408a9b45aba72ad7cbc1&swEnvOid=4168
HISTORY Version:1 (rev.1) - 26 May 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCAAGBQJZKGjXAAoJELXhAxt7SZaiu3AH/2a97Qx1mBghXloDAR4pCdWE qiQUvMYft5zk2UmRgQpg5jOjDMSBQFTPtPvV9vBYxhj0Or49wAyTDcw1JeG8I8hI Bs9XDJXOQXvhTjdJakpG/+PIPsoMwJhNoH9H4/rWn0iUJb3wjTDEoHboNfSRZh0j mRlEpDmc12sDSlalJ3LymcXt/Zn/62t1VErmQp3QSdlCjsSxttoUvVzz6u2plKQ0 tJqa8m76wP2fzmIcEpr4DqHkSmAqAyAQEPiVjmdDYYaIN1pi1GKkcIu4WbI7x2xY Tjy4CXRHSy357ePv3zqwMYfl4nbQe+1Fk4zSNf1i18LQ9kLWp6mSPqLMV7kOnko= =DPhQ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3474",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "9.5"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "9.1"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "9.0"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "8.1"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "8.0"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "7.1"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "7.0"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "6.2"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "6.1"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "6.0"
},
{
"model": "manageability",
"scope": "eq",
"trust": 1.4,
"vendor": "intel",
"version": "7.x"
},
{
"model": "manageability",
"scope": "eq",
"trust": 1.4,
"vendor": "intel",
"version": "8.x"
},
{
"model": "manageability",
"scope": "eq",
"trust": 1.4,
"vendor": "intel",
"version": "9.x"
},
{
"model": "manageability",
"scope": "eq",
"trust": 1.4,
"vendor": "intel",
"version": "10.x"
},
{
"model": "manageability",
"scope": "eq",
"trust": 1.4,
"vendor": "intel",
"version": "11.0"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.3,
"vendor": "intel",
"version": "11.6"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.3,
"vendor": "intel",
"version": "11.5"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.3,
"vendor": "intel",
"version": "11.0"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.3,
"vendor": "intel",
"version": "10.0"
},
{
"model": "manageability",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "version 6.x"
},
{
"model": "manageability",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.5 and 11.6 using hardware"
},
{
"model": "manageability",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "6.x"
},
{
"model": "manageability",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "11.5"
},
{
"model": "thinkcentre m83",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "0"
},
{
"model": "sinumerik panel control unit",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simotion p320",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic industrial pc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "micros workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6500"
},
{
"model": "micros pc workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "20150"
},
{
"model": "thinkstation s30",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p910",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p900",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p710",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p700",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p510",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p500",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p410",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p310",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p300",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation e32",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation e31",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation e20",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation d30",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation c30",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts550",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts250",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts240",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts200v",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts150",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts140",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "3700"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2600"
},
{
"model": "thinkpad x240s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2400"
},
{
"model": "thinkpad w550s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w530",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w520",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t550",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t470p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t450s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t431s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t430s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s430",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s1 yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "120"
},
{
"model": "thinkpad p70",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p51",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l570",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l470",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre merton m81",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m93z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m92z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m910z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m910x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m910t",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m910s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m910q",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m90z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m900z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m900",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m800",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m710q",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m700 tiny",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre edge92",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre e63z fqkt33a",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "9.5"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "9.1"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "9.0"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "8.1"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "8.0"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "7.1"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "7.0"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6.2"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6.1"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6.0"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "11.6"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "11.5"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "11.0"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "10.0"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "9.5"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "9.1"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "9.0"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "8.1"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "8.0"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "7.1"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "7.0"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6.2"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6.1"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6.0"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "11.6"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "11.5"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "11.0"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "10.0"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.5.61.3012"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.1.41.3024"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "8.1.71.3608"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "7.1.91.3272"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "6.2.61.3535"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.6.27.3264"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.0.25.3001"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "10.0.55.3000"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.5.61.3012"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.1.41.3024"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "8.1.71.3608"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "7.1.91.3272"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "6.2.61.3535"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.6.27.3264"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.0.25.3001"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "10.0.55.3000"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.5.61.3012"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.1.41.3024"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "8.1.71.3608"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "7.1.91.3272"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "6.2.61.3535"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.6.27.3264"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.0.25.3001"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "10.0.55.3000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "6.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "6.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "10.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "11.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "11.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "11.6"
}
],
"sources": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "BID",
"id": "98269"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:11.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Laxita Jain",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
}
],
"trust": 0.6
},
"cve": "CVE-2017-5689",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-5689",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-05856",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "408ebf9c-6ba3-4489-b364-1b4677311268",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-113892",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5689",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5689",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-05856",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-136",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-113892",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-5689",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). These functions use multiple ports to listen for administrative commands. Intel According to the document AMT Port as web interface for 16992 and 16993 Is used. Also other ports 16994 When 16995 Or 623 When 664 May be used. Intel Documents https://software.intel.com/sites/default/files/article/393789/amt-9-start-here-guide.pdf port 16994 When 16995 https://www.symantec.com/connect/articles/why-must-intel-amt-be-configured-and-what-required Supporting these remote management functions Intel Management Engine In the remote ( Not authenticated ) There is a vulnerability that allows remote management functions to be accessed by a third party. Intel Is a security advisory for this vulnerability (INTEL-SA-00075) And guide for mitigation (INTEL-SA-00075 Mitigation Guide) Offers. Security advisory (INTEL-SA-00075) https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075\u0026languageid=en-fr Mitigation guide (INTEL-SA-00075 Mitigation Guide) https://downloadcenter.intel.com/download/26754 Also, OEM This product may have this remote management function enabled.A remote attacker may gain access to the remote management functions of the system. Intel AMT has a remote authentication bypass vulnerability. Unauthorized users only need to send an empty user_response value to bypass the Intel AMT Web authentication system and use the Keyboard Video Mouse (KVM) feature to remotely control the system for malicious operations. Multiple Intel products are prone to a privilege-escalation vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03754en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03754en_us\nVersion: 1\n\nHPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5\nProcessor, Remote Access Restriction Bypass\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-05-26\nLast Updated: 2017-05-26\n\nPotential Security Impact: Remote: Access Restriction Bypass\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in HPE ML10 Gen 9\nServer using Intel Xeon E3-1200 v5 Processor. The vulnerability could be\nremotely exploited to allow access restriction bypass. Do not attempt to upgrade the ME\nFW without following the instructions detailed in the Resolution section. \nRefer to the \"Platform Specific Information\" section in the Resolution for\nmore specific information on upgrades for specific ProLiant servers. \n\nReferences:\n\n - CVE-2017-5689\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug\n4LFF SATA 300W AP Svr/Promo Gen9\n - HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W\nSvr/S-Buy Gen9\n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W\nPerf Svr Gen9\n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W\nSvr/GO Gen9\n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W\nSvr/TV Gen9\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2017-5689\n 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\n 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following resolution for this issue: \n\n**Note:** Only the ProLiant Gen9 server detailed in the impacted product\ninformation above can be upgraded using the procedure described in this\ndocument. Before beginning the upgrade process, the server must have Intel\nXeon E3-1200 v5 processors installed. See below for further instructions. \n\nUpgrade to the latest System ROM available for the platform prior to\nupgrading the ME is required. System ROM will need 1.06 version or later to\nsupport this ME firmware. \n\nThe system ROM toolkit and firmware image can be found at:\n\n * BIOS 1.06 (Windows)\n\u003chttp://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176\u0026swIte\nId=MTX_0a1076f4bf0444a090b09eeb62\u0026swEnvOid=4168#tab1\u003e \n\n* BIOS 1.06 (Linux 6)\n\u003chttp://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176\u0026swIte\nId=MTX_14bacf35f0844bb696ef65799b\u0026swEnvOid=4103\u003e \n\n * BIOS 1.06 (Linux 7)\n\u003chttp://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176\u0026swIte\nId=MTX_14bacf35f0844bb696ef65799b\u0026swEnvOid=4176\u003e\n\nThe ME toolkit and firmware image can be found at:\n\n * ME 11.6.27.3264 (Windows)\n\u003chttp://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176\u0026swIte\nId=MTX_359491d72fe04c0f9461fd657d\u0026swEnvOid=4168\u003e\n\n* ME 11.6.27.3264 (UEFI)\n\u003chttp://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176\u0026swIte\nId=MTX_67a275408a9b45aba72ad7cbc1\u0026swEnvOid=4168\u003e\n\nHISTORY\nVersion:1 (rev.1) - 26 May 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJZKGjXAAoJELXhAxt7SZaiu3AH/2a97Qx1mBghXloDAR4pCdWE\nqiQUvMYft5zk2UmRgQpg5jOjDMSBQFTPtPvV9vBYxhj0Or49wAyTDcw1JeG8I8hI\nBs9XDJXOQXvhTjdJakpG/+PIPsoMwJhNoH9H4/rWn0iUJb3wjTDEoHboNfSRZh0j\nmRlEpDmc12sDSlalJ3LymcXt/Zn/62t1VErmQp3QSdlCjsSxttoUvVzz6u2plKQ0\ntJqa8m76wP2fzmIcEpr4DqHkSmAqAyAQEPiVjmdDYYaIN1pi1GKkcIu4WbI7x2xY\nTjy4CXRHSy357ePv3zqwMYfl4nbQe+1Fk4zSNf1i18LQ9kLWp6mSPqLMV7kOnko=\n=DPhQ\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "BID",
"id": "98269"
},
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"db": "PACKETSTORM",
"id": "142693"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-113892",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43385",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "VULMON",
"id": "CVE-2017-5689"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5689",
"trust": 3.8
},
{
"db": "BID",
"id": "98269",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-874235",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038385",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#491375",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-05856",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-180-01A",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92793783",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156782",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-180-01",
"trust": 0.3
},
{
"db": "LENOVO",
"id": "LEN-14963",
"trust": 0.3
},
{
"db": "IVD",
"id": "408EBF9C-6BA3-4489-B364-1B4677311268",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142693",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-93070",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "43385",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-113892",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-5689",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"db": "BID",
"id": "98269"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "PACKETSTORM",
"id": "142693"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"id": "VAR-201705-3474",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "VULHUB",
"id": "VHN-113892"
}
],
"trust": 1.3552910066666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
}
]
},
"last_update_date": "2024-04-19T22:55:05.789000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00075 Mitigation Guide",
"trust": 0.8,
"url": "https://downloadcenter.intel.com/download/26754"
},
{
"title": "INTEL ACTIVE MANAGEMENT TECHNOLOGY (INTEL AMT) Start Here Guide (Intel AMT 9.0)",
"trust": 0.8,
"url": "https://software.intel.com/sites/default/files/article/393789/amt-9-start-here-guide.pdf"
},
{
"title": "INTEL-SA-00075",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00075\u0026languageid=en-fr"
},
{
"title": "NV17-021",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-021.html"
},
{
"title": "Why Must Intel AMT Be Configured, and What is Required?",
"trust": 0.8,
"url": "https://www.symantec.com/connect/articles/why-must-intel-amt-be-configured-and-what-required"
},
{
"title": "Rediscovering the Intel AMT Vulnerability",
"trust": 0.8,
"url": "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability"
},
{
"title": "\u30a4\u30f3\u30c6\u30eb\u793e\u30d5\u30a1\u30fc\u30e0\u30a6\u30a8\u30a2\u306e\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
"trust": 0.8,
"url": "http://dynabook.com/assistpc/info/2017/201705icpu.htm"
},
{
"title": "\u30a4\u30f3\u30c6\u30eb\u793e\u306e\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306e\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/intel/20170510/"
},
{
"title": "Intel AMT Remote Authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/93339"
},
{
"title": "Multiple Intel Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69788"
},
{
"title": "Cisco: Intel Active Management Technology Privilege Escalation Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170512-intelamt"
},
{
"title": "HP: HPSBHF03557 rev. 1 - Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03557"
},
{
"title": "Brocade Security Advisories: BSA-2017-320",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=2cf6af0133ca060b98e91dd3a5ab51e8"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
},
{
"title": "Intel_IME_WebUI_bypass",
"trust": 0.1,
"url": "https://github.com/flyingfishfuse/intel_ime_webui_bypass "
},
{
"title": "Disable-Intel-AMT",
"trust": 0.1,
"url": "https://github.com/bartblaze/disable-intel-amt "
},
{
"title": "cve2017-5689",
"trust": 0.1,
"url": "https://github.com/baonq-me/cve2017-5689 "
},
{
"title": "intel_amt_bypass",
"trust": 0.1,
"url": "https://github.com/bijaye/intel_amt_bypass "
},
{
"title": "amt_auth_bypass",
"trust": 0.1,
"url": "https://github.com/chokyuwon/amt_auth_bypass "
},
{
"title": "amt_auth_bypass_poc",
"trust": 0.1,
"url": "https://github.com/embedi/amt_auth_bypass_poc "
},
{
"title": "INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools",
"trust": 0.1,
"url": "https://github.com/intel/intel-sa-00075-linux-detection-and-mitigation-tools "
},
{
"title": "amthoneypot",
"trust": 0.1,
"url": "https://github.com/packetflare/amthoneypot "
},
{
"title": "HUANANZHI-X99-F8",
"trust": 0.1,
"url": "https://github.com/bios-iengineer/huananzhi-x99-f8 "
},
{
"title": "awesome-shodan-queries",
"trust": 0.1,
"url": "https://github.com/blackunixteam/awesome-shodan-queries "
},
{
"title": "-jakejarvis-awesome-shodan-queries-",
"trust": 0.1,
"url": "https://github.com/soumyajas2324/-jakejarvis-awesome-shodan-queries- "
},
{
"title": "HUANANZHI-X99-TF",
"trust": 0.1,
"url": "https://github.com/bios-iengineer/huananzhi-x99-tf "
},
{
"title": "awesome-shodan-queries",
"trust": 0.1,
"url": "https://github.com/jakejarvis/awesome-shodan-queries "
},
{
"title": "shodan_queries",
"trust": 0.1,
"url": "https://github.com/tristisranae/shodan_queries "
},
{
"title": "AutoSploit",
"trust": 0.1,
"url": "https://github.com/rootup/autosploit "
},
{
"title": "Awesome-Honeypots",
"trust": 0.1,
"url": "https://github.com/aidowedo/awesome-honeypots "
},
{
"title": "-awesome-honeypots-",
"trust": 0.1,
"url": "https://github.com/nieuport/-awesome-honeypots- "
},
{
"title": "awesome-honeypot",
"trust": 0.1,
"url": "https://github.com/alphaseclab/awesome-honeypot "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00075\u0026languageid=en-fr"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/98269"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf"
},
{
"trust": 1.7,
"url": "https://downloadmirror.intel.com/26754/eng/intel-sa-00075%20mitigation%20guide-rev%201.1.pdf"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20170509-0001/"
},
{
"trust": 1.7,
"url": "https://www.embedi.com/files/white-papers/silent-bob-is-silent.pdf"
},
{
"trust": 1.7,
"url": "https://www.embedi.com/news/mythbusters-cve-2017-5689"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038385"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03754en_us"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/491375"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5689"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5689"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-180-01a"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92793783/index.html"
},
{
"trust": 0.8,
"url": "https://www.embedi.com/news/what-you-need-know-about-intel-amt-vulnerability"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ncas/current-activity/2017/05/01/intel-firmware-vulnerability"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156782/manually-exploiting-intel-amt.html"
},
{
"trust": 0.3,
"url": "http://www.intel.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-180-01"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/us/en/product_security/len-14963"
},
{
"trust": 0.3,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03754en_us"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00075\u0026amp;languageid=en-fr"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176\u0026swite"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03754en_us"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "BID",
"id": "98269"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "PACKETSTORM",
"id": "142693"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"db": "BID",
"id": "98269"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "PACKETSTORM",
"id": "142693"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-03T00:00:00",
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"date": "2017-05-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"date": "2017-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-113892"
},
{
"date": "2017-05-02T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"date": "2017-05-01T00:00:00",
"db": "BID",
"id": "98269"
},
{
"date": "2017-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"date": "2017-05-27T02:57:43",
"db": "PACKETSTORM",
"id": "142693"
},
{
"date": "2017-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"date": "2017-05-02T14:59:00.520000",
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"date": "2020-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-113892"
},
{
"date": "2020-02-18T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"date": "2017-07-19T15:07:00",
"db": "BID",
"id": "98269"
},
{
"date": "2017-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"date": "2020-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"date": "2020-02-18T17:12:15.747000",
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel AMT Remote Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.