VYPR

Active Management Technology Firmware

by Intel

CVEs (17)

  • CVE-2017-5689CriKEVMay 2, 2017
    risk 0.86cvss 9.8epss 0.92

    An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged…

  • CVE-2018-3628HigJul 10, 2018
    risk 0.57cvss 8.8epss 0.01

    Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.

  • CVE-2017-5711HigNov 21, 2017
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.

  • CVE-2024-38307HigFeb 12, 2025
    risk 0.50cvss 7.7epss 0.01

    Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow an authenticated user to potentially enable denial of service via network access.

  • CVE-2017-5729HigNov 21, 2017
    risk 0.48cvss 7.4epss 0.01

    Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle.

  • CVE-2017-5712HigNov 21, 2017
    risk 0.47cvss 7.2epss 0.04

    Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.

  • CVE-2018-3632MedJul 10, 2018
    risk 0.44cvss 6.7epss 0.00

    Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be triggered by an attacker with local administrator permission on the system.

  • CVE-2018-3629MedJul 10, 2018
    risk 0.42cvss 6.5epss 0.01

    Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet.

  • CVE-2017-5697MedJun 14, 2017
    risk 0.42cvss 6.5epss 0.01

    Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page.

  • CVE-2018-3616MedSep 12, 2018
    risk 0.39cvss 5.9epss 0.02

    Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.

  • CVE-2025-22392MedAug 12, 2025
    risk 0.29cvss 4.4epss 0.00

    Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access.

  • CVE-2017-5698MedSep 5, 2017
    risk 0.29cvss 4.4epss 0.00

    Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be…

  • CVE-2022-30601Aug 18, 2022
    risk 0.00cvss epss 0.01

    Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access.

  • CVE-2022-28697Aug 18, 2022
    risk 0.00cvss epss 0.00

    Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

  • CVE-2021-33068Feb 9, 2022
    risk 0.00cvss epss 0.01

    Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access.

  • CVE-2019-11132Dec 18, 2019
    risk 0.00cvss epss 0.01

    Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.

  • CVE-2018-12187Mar 14, 2019
    risk 0.00cvss epss 0.01

    Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access.