CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
69.4%
The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and, according to its self-reported version, is a version containing multiple vulnerabilities, including the following:
Insufficiently protected credentials for Intel® AMT and Intel® Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access. (CVE-2022-30601)
Insufficiently protected credentials for Intel® AMT and Intel® Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. (CVE-2022-30944)
Improper access control in firmware for Intel® AMT and Intel® Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access.(CVE-2022-28697)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
Binary data wmi_INTEL-SA-00709.nbin