CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.9%
On May 1st, 2017, Intel released a security advisory titled Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege, also known as INTEL-SA-00075. The advisory details a vulnerability in the Intel Active Management (AMT), Intel Small Business (ISB), and Intel Standard Manageability (ISM) firmware modules included with some Intel-based platforms.
The Cisco PSIRT Team has investigated the impact of this vulnerability on Cisco products and determined that no Cisco products are affected.
Additional Information
Additional information about the vulnerability can be found at the following links:
Intel Security Advisory: Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege [“https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr”]
Cisco Multivendor Security Alert: Intel Active Management Technology Privilege Escalation Vulnerability [“https://sec.cloudapps.cisco.com/security/center/viewAlert.x?alertId=53677”]
US-CERT Vulnerability Note: VU#491375 [“http://www.kb.cert.org/vuls/id/491375”]
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on the Cisco worldwide website at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html [“https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html”]. This includes instructions for press inquiries regarding Cisco security advisories. All Cisco security advisories are available at http://www.cisco.com/go/psirt [“http://www.cisco.com/go/psirt”].
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
99.9%