VAR-201706-0438
Vulnerability from variot - Updated: 2024-02-26 22:48

Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allows a remote attacker to hijack users' web clicks via an attacker-crafted web page. Intel Active Management Technology is prone to a clickjacking vulnerability. Successfully exploiting this issue may allow attackers to gain unauthorized access to the affected application or obtain sensitive information. Other attacks are also possible. Intel Active Management Technology firmware versions before 9.1.40.100, 9.5.60.1952, 10.0.0.50.1004 and 11.0.0.1205 are vulnerable. (Note: 9.1.40.100 and 10.0.0.50.1004 in the preceding sentence differ from the 9.1.40.1000 and 10.0.50.1004 given in the other version lists on this page, and that sentence does not list the 11.6 branch; confirm the fixed versions against the vendor advisory INTEL-SA-00081 before using them for patch verification.) The Web User Interface is one of the web management interfaces. The following versions are affected: Intel AMT firmware prior to 9.1.40.1000, prior to 9.5.60.1952, prior to 10.0.50.1004, prior to 11.0.0.1205, and prior to 11.6.25.1129.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0438",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "9.5"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "10.0.50.1004"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.6.25.1129"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "9.1"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "9.5.60.1952"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "10.0"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.0"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "9.1.40.1000"
},
{
"model": "active management technology",
"scope": "gte",
"trust": 1.0,
"vendor": "intel",
"version": "11.6"
},
{
"model": "active management technology",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "11.0.0.1205"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "9.5"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "9.1"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "11.0"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 0.9,
"vendor": "intel",
"version": "10.0"
},
{
"model": "intel active management technology",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel active management technology",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "intel active management technology",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "intel active management technology firmware"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "11.6"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.5.60.1952"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.1.40.100"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.0.0.1205"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "10.0.0.50.1004"
}
],
"sources": [
{
"db": "BID",
"id": "99064"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-608"
},
{
"db": "NVD",
"id": "CVE-2017-5697"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:11.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5697"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo",
"sources": [
{
"db": "BID",
"id": "99064"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5697",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-5697",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-113900",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-5697",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5697",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-608",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-113900",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113900"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-608"
},
{
"db": "NVD",
"id": "CVE-2017-5697"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker\u0027s crafted web page. Intel Active Management Technology is prone to a clickjacking vulnerability. \nSuccessfully exploiting this issue may allow attackers to gain unauthorized access to the affected application or obtain sensitive information. Other attacks are also possible. \nIntel Active Management Technology firmware versions before 9.1.40.100, 9.5.60.1952, 10.0.0.50.1004 and 11.0.0.1205 are vulnerable. Web User Interface is one of the Web management interfaces. The following versions are affected: Intel AMT firmware prior to 9.1.40.1000, prior to 9.5.60.1952, prior to 10.0.50.1004, prior to 11.0.0.1205, prior to 11.6.25.1129",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5697"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004925"
},
{
"db": "BID",
"id": "99064"
},
{
"db": "VULHUB",
"id": "VHN-113900"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5697",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004925",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-608",
"trust": 0.7
},
{
"db": "BID",
"id": "99064",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-113900",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113900"
},
{
"db": "BID",
"id": "99064"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-608"
},
{
"db": "NVD",
"id": "CVE-2017-5697"
}
]
},
"id": "VAR-201706-0438",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-113900"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-26T22:48:07.734000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00081",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00081\u0026languageid=en-fr"
},
{
"title": "Intel AMT firmware Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71495"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-608"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1021",
"trust": 1.0
},
{
"problemtype": "Improper restrictions on rendered user interface layers or frames (CWE-1021) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-20",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113900"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004925"
},
{
"db": "NVD",
"id": "CVE-2017-5697"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00081\u0026languageid=en-fr"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5697"
},
{
"trust": 0.3,
"url": "http://www.intel.com/"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00081\u0026amp;languageid=en-fr"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113900"
},
{
"db": "BID",
"id": "99064"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-608"
},
{
"db": "NVD",
"id": "CVE-2017-5697"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-113900"
},
{
"db": "BID",
"id": "99064"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-608"
},
{
"db": "NVD",
"id": "CVE-2017-5697"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-113900"
},
{
"date": "2017-06-05T00:00:00",
"db": "BID",
"id": "99064"
},
{
"date": "2017-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004925"
},
{
"date": "2017-06-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-608"
},
{
"date": "2017-06-14T12:29:00.177000",
"db": "NVD",
"id": "CVE-2017-5697"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-113900"
},
{
"date": "2017-06-05T00:00:00",
"db": "BID",
"id": "99064"
},
{
"date": "2024-02-26T01:30:00",
"db": "JVNDB",
"id": "JVNDB-2017-004925"
},
{
"date": "2017-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-608"
},
{
"date": "2024-01-26T18:02:02.987000",
"db": "NVD",
"id": "CVE-2017-5697"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-608"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel\u00a0AMT\u00a0 firmware \u00a0Web\u00a0User\u00a0Interface\u00a0 Vulnerability that allows user\u0027s web click operations to be hijacked in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004925"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-608"
}
],
"trust": 0.6
}
}