var-201706-0438
Vulnerability from variot
Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allows a remote attacker to hijack a user's web clicks via a web page crafted by the attacker. Intel Active Management Technology is prone to a clickjacking vulnerability. Successfully exploiting this issue may allow attackers to gain unauthorized access to the affected application or obtain sensitive information. Other attacks are also possible. Intel Active Management Technology firmware versions before 9.1.40.100, 9.5.60.1952, 10.0.0.50.1004 and 11.0.0.1205 are vulnerable. (Note: the version strings 9.1.40.100 and 10.0.0.50.1004 in the preceding sentence differ from the 9.1.40.1000 and 10.0.50.1004 given elsewhere in this entry; the two forms apparently come from different aggregated sources, so confirm the fixed versions against the vendor advisory, INTEL-SA-00081.) The Web User Interface is one of the web management interfaces. The following versions are affected: Intel AMT firmware prior to 9.1.40.1000, prior to 9.5.60.1952, prior to 10.0.50.1004, prior to 11.0.0.1205, and prior to 11.6.25.1129.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0438", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "active management technology", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "11.6.25.1129" }, { "model": "active management technology", "scope": "gte", "trust": 1.0, "vendor": "intel", "version": "11.0" }, { "model": "active management 
technology", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "9.5.60.1952" }, { "model": "active management technology", "scope": "gte", "trust": 1.0, "vendor": "intel", "version": "9.1" }, { "model": "active management technology", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "10.0.50.1004" }, { "model": "active management technology", "scope": "gte", "trust": 1.0, "vendor": "intel", "version": "11.6" }, { "model": "active management technology", "scope": "gte", "trust": 1.0, "vendor": "intel", "version": "10.0" }, { "model": "active management technology", "scope": "gte", "trust": 1.0, "vendor": "intel", "version": "9.5" }, { "model": "active management technology", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "11.0.0.1205" }, { "model": "active management technology", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "9.1.40.1000" }, { "model": "active management technology", "scope": "eq", "trust": 0.9, "vendor": "intel", "version": "9.5" }, { "model": "active management technology", "scope": "eq", "trust": 0.9, "vendor": "intel", "version": "9.1" }, { "model": "active management technology", "scope": "eq", "trust": 0.9, "vendor": "intel", "version": "11.0" }, { "model": "active management technology", "scope": "eq", "trust": 0.9, "vendor": "intel", "version": "10.0" }, { "model": "intel active management technology", "scope": null, "trust": 0.8, "vendor": "\u30a4\u30f3\u30c6\u30eb", "version": null }, { "model": "intel active management technology", "scope": "eq", "trust": 0.8, "vendor": "\u30a4\u30f3\u30c6\u30eb", "version": null }, { "model": "intel active management technology", "scope": "eq", "trust": 0.8, "vendor": "\u30a4\u30f3\u30c6\u30eb", "version": "intel active management technology firmware" }, { "model": "active management technology", "scope": "eq", "trust": 0.6, "vendor": "intel", "version": "11.6" }, { "model": "active management technology", "scope": "ne", "trust": 0.3, "vendor": "intel", 
"version": "9.5.60.1952" }, { "model": "active management technology", "scope": "ne", "trust": 0.3, "vendor": "intel", "version": "9.1.40.100" }, { "model": "active management technology", "scope": "ne", "trust": 0.3, "vendor": "intel", "version": "11.0.0.1205" }, { "model": "active management technology", "scope": "ne", "trust": 0.3, "vendor": "intel", "version": "10.0.0.50.1004" } ], "sources": [ { "db": "BID", "id": "99064" }, { "db": "JVNDB", "id": "JVNDB-2017-004925" }, { "db": "CNNVD", "id": "CNNVD-201706-608" }, { "db": "NVD", "id": "CVE-2017-5697" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lenovo", "sources": [ { "db": "BID", "id": "99064" } ], "trust": 0.3 }, "cve": "CVE-2017-5697", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2017-5697", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", 
"authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-113900", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2017-5697", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-5697", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-5697", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-5697", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201706-608", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-113900", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-113900" }, { "db": "JVNDB", "id": "JVNDB-2017-004925" }, { "db": "CNNVD", "id": "CNNVD-201706-608" }, { "db": "NVD", "id": "CVE-2017-5697" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": "Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker\u0027s crafted web page. Intel Active Management Technology is prone to a clickjacking vulnerability. \nSuccessfully exploiting this issue may allow attackers to gain unauthorized access to the affected application or obtain sensitive information. Other attacks are also possible. \nIntel Active Management Technology firmware versions before 9.1.40.100, 9.5.60.1952, 10.0.0.50.1004 and 11.0.0.1205 are vulnerable. Web User Interface is one of the Web management interfaces. The following versions are affected: Intel AMT firmware prior to 9.1.40.1000, prior to 9.5.60.1952, prior to 10.0.50.1004, prior to 11.0.0.1205, prior to 11.6.25.1129", "sources": [ { "db": "NVD", "id": "CVE-2017-5697" }, { "db": "JVNDB", "id": "JVNDB-2017-004925" }, { "db": "BID", "id": "99064" }, { "db": "VULHUB", "id": "VHN-113900" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-5697", "trust": 3.6 }, { "db": "JVNDB", "id": "JVNDB-2017-004925", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201706-608", "trust": 0.7 }, { "db": "BID", "id": "99064", "trust": 0.4 }, { "db": "VULHUB", "id": "VHN-113900", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-113900" }, { "db": "BID", "id": "99064" }, { "db": "JVNDB", "id": "JVNDB-2017-004925" }, { "db": "CNNVD", "id": "CNNVD-201706-608" }, { "db": "NVD", "id": "CVE-2017-5697" } ] }, "id": "VAR-201706-0438", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-113900" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T23:05:25.746000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "INTEL-SA-00081", "trust": 0.8, "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00081\u0026languageid=en-fr" }, { "title": "Intel AMT firmware Enter the fix for the verification vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71495" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-004925" }, { "db": "CNNVD", "id": "CNNVD-201706-608" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1021", "trust": 1.0 }, { "problemtype": "Improper restrictions on rendered user interface layers or frames (CWE-1021) [NVD evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-20", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-113900" }, { "db": "JVNDB", "id": "JVNDB-2017-004925" }, { "db": "NVD", "id": "CVE-2017-5697" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00081\u0026languageid=en-fr" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5697" }, { "trust": 0.3, "url": "http://www.intel.com/" }, { "trust": 0.1, "url": 
"https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00081\u0026amp;languageid=en-fr" } ], "sources": [ { "db": "VULHUB", "id": "VHN-113900" }, { "db": "BID", "id": "99064" }, { "db": "JVNDB", "id": "JVNDB-2017-004925" }, { "db": "CNNVD", "id": "CNNVD-201706-608" }, { "db": "NVD", "id": "CVE-2017-5697" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-113900" }, { "db": "BID", "id": "99064" }, { "db": "JVNDB", "id": "JVNDB-2017-004925" }, { "db": "CNNVD", "id": "CNNVD-201706-608" }, { "db": "NVD", "id": "CVE-2017-5697" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-14T00:00:00", "db": "VULHUB", "id": "VHN-113900" }, { "date": "2017-06-05T00:00:00", "db": "BID", "id": "99064" }, { "date": "2017-07-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004925" }, { "date": "2017-06-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-608" }, { "date": "2017-06-14T12:29:00.177000", "db": "NVD", "id": "CVE-2017-5697" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-06-27T00:00:00", "db": "VULHUB", "id": "VHN-113900" }, { "date": "2017-06-05T00:00:00", "db": "BID", "id": "99064" }, { "date": "2024-02-26T01:30:00", "db": "JVNDB", "id": "JVNDB-2017-004925" }, { "date": "2017-07-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-608" }, { "date": "2024-11-21T03:28:14.573000", "db": "NVD", "id": "CVE-2017-5697" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-608" } ], "trust": 0.6 }, "title": { 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Intel\u00a0AMT\u00a0 firmware \u00a0Web\u00a0User\u00a0Interface\u00a0 Vulnerability that allows user\u0027s web click operations to be hijacked in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-004925" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-608" } ], "trust": 0.6 } }