Vulnerability Details CVE-2017-5705
Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://www.securityfocus.com/bid/101917
- http://www.securitytracker.com/id/1039852
- https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
- https://security.netapp.com/advisory/ntap-20171120-0001/
- https://twitter.com/PTsecurity_UK/status/938447926128291842
- https://www.asus.com/News/wzeltG5CjYaIwGJ0
- https://www.synology.com/support/security/Synology_SA_17_73
- http://www.securityfocus.com/bid/101917
- http://www.securitytracker.com/id/1039852
- https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
- https://security.netapp.com/advisory/ntap-20171120-0001/
- https://twitter.com/PTsecurity_UK/status/938447926128291842
- https://www.asus.com/News/wzeltG5CjYaIwGJ0
- https://www.synology.com/support/security/Synology_SA_17_73
Products affected by CVE-2017-5705
-
cpe:2.3:o:intel:manageability_engine_firmware:11.0
-
cpe:2.3:o:intel:manageability_engine_firmware:11.10
-
cpe:2.3:o:intel:manageability_engine_firmware:11.20
-
cpe:2.3:o:intel:manageability_engine_firmware:11.5
-
cpe:2.3:o:intel:manageability_engine_firmware:11.6
-
cpe:2.3:o:intel:manageability_engine_firmware:11.7