Security Vulnerabilities - CVEs Published In November 2017
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.
CVSS Score
8.8
EPSS Score
0.035
Published
2017-11-21
Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-11-21
Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-11-21
Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-11-21
Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-11-21
Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-11-21
Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-11-21
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-11-21
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.
CVSS Score
7.2
EPSS Score
0.019
Published
2017-11-21
A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user.
CVSS Score
9.8
EPSS Score
0.009
Published
2017-11-21