CVE DATABASE / CVE-2017-5689

CVE-2017-5689

Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability

CVSS 9.8 · CRITICAL ⚠ CISA KEV — ACTIVELY EXPLOITED

On the CISA KEV catalog

Confirmed exploited in the wild. Added 2022-01-28. Federal remediation due 2022-07-28.
Required action: Apply updates per vendor instructions.

Summary

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

CVSS 3.1 breakdown

Base score	9.8 (CRITICAL)
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector	NETWORK
Attack complexity	LOW
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Weakness type (CWE)

CWE-269

Affected products

Hpe proliant ml10 gen9 server firmwareHpe proliant ml10 gen9 serverSiemens simatic itp1000 firmwareSiemens simatic itp1000Siemens simatic ipc847d firmwareSiemens simatic ipc847dSiemens simatic ipc847c firmwareSiemens simatic ipc847cSiemens simatic ipc827d firmwareSiemens simatic ipc827dSiemens simatic ipc827c firmwareSiemens simatic ipc827cSiemens simatic ipc677d firmwareSiemens simatic ipc677dSiemens simatic ipc677c firmwareSiemens simatic ipc677cSiemens simatic ipc647d firmwareSiemens simatic ipc647dSiemens simatic ipc647c firmwareSiemens simatic ipc647c

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2026-04-22. Always verify against the vendor advisory before acting.