CVE-2017-5697

Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page.

Published: Jun 14, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-5697
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-1021
CWE-20

Affected Software
References

Software	From	Fixed in
intel / active_management_technology_firmware	9.1	9.1.40.1000
intel / active_management_technology_firmware	9.5	9.5.60.1952
intel / active_management_technology_firmware	10.0	10.0.50.1004
intel / active_management_technology_firmware	11.0	11.0.0.1205
intel / active_management_technology_firmware	11.6	11.6.25.1129

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00081&languageid=en-fr

Vulnerability Database

CVE-2017-5697

Deep Security Visibility Without the Complexity