CVE-2017-5705 Intel Management Engine Multiple Privilege Escalation And Buffer Overflow Vulnerabilities

漏洞类别:General remote services



The following buffer overflow and privilege escalation conditions exist in Intel Management Engine (ME):
CVE-2017-5705: Multiple buffer overflows allow attacker with local access to the system to execute arbitrary code.
CVE-2017-5708: Multiple privilege escalations in kernel allow unauthorized process to access privileged content via unspecified vector.

Affected Versions:
Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20

QID Detection Logic (Un-authenticated):
Intel ME when enabled exposes its version remotely on TCP ports 16992, 16993. This QID matches vulnerable versions based on the exposed information.


Successful exploitation allows a remote attacker to execute arbitrary code on a targeted system.


Customers are advised to refer to INTEL-SA-00086 for information pertaining to remediating this vulnerability.

Following are links for downloading patches to fix the vulnerabilities:


Leave a Reply