Cómo es de público conocimiento, las recientemente descubiertas vulnerabilidades del firmware de Intel afectan muchos procesadores pero no a todos, incluso dentro de la misma gama de productos. Es por eso que el fabricante liberó una herramienta para ejecutarse en entornos Windows y Linux.
Los CVEs del caso son
Los CVEs del caso son
CVE ID
|
CVE Title
|
CVSSv3 Vectors
|
CVE-2017-5705
|
Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.
|
8.2 High
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CVE-2017-5708
|
Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.
|
7.5 High
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
|
CVE-2017-5711
|
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
|
6.7 Moderate
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CVE-2017-5712
|
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.
|
7.2 High
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
Comentarios
Publicar un comentario