Intel AMT Clickjacking Vulnerability - Lenovo Support US

Lenovo Security Advisory: LEN-14005

Potential Impact: Information Disclosure

Severity: Medium

**Scope of Impact:**Industry-Wide

**CVE Identifier:**CVE-2017-5697

Summary Description:

Insufficient clickjacking protection in the Web User Interface of Intel® AMT firmware versions before 9.1.40.100, 9.5.60.1952, 10.0.0.50.1004 and 11.0.0.1205 allow a remote attacker to hijack users’ web clicks by concealing hyperlinks beneath legitimate clickable content via an attacker’s crafted web page.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update AMT firmware to the latest level available for your system.

Product Impact:

Intel AMT firmware versions before 9.1.40.100, 9.5.60.1952, 10.0.0.50.1004 and 11.0.0.1205

Product Impact: