Standard Manageability
by Intel
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5689 | Cri | 0.86 | 9.8 | 0.94 | KEV | May 2, 2017 | An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged… | |
| CVE-2025-32008 | Hig | 0.56 | 8.6 | 0.00 | Feb 10, 2026 | Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applications may allow a denial of service. Network adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This… | ||
| CVE-2024-38307 | Hig | 0.50 | 7.7 | 0.00 | Feb 12, 2025 | Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow an authenticated user to potentially enable denial of service via network access. | ||
| CVE-2025-20080 | Med | 0.44 | 6.8 | 0.00 | Feb 10, 2026 | Null pointer dereference in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability within Ring 0: Kernel may allow a denial of service. Network adversary with an unauthenticated user combined with a high complexity attack may enable denial of service. This result… | ||
| CVE-2023-38655 | Med | 0.44 | 6.8 | 0.00 | Aug 14, 2024 | Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access. | ||
| CVE-2025-22392 | Med | 0.29 | 4.4 | 0.00 | Aug 12, 2025 | Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access. | ||
| CVE-2017-5698 | Med | 0.29 | 4.4 | 0.00 | Sep 5, 2017 | Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be… | ||
| CVE-2024-26021 | Low | 0.15 | 2.3 | 0.00 | Feb 12, 2025 | Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. | ||
| CVE-2022-30944 | 0.00 | — | 0.00 | Aug 18, 2022 | Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. | |||
| CVE-2022-28697 | 0.00 | — | 0.00 | Aug 18, 2022 | Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||
| CVE-2022-30601 | 0.00 | — | 0.02 | Aug 18, 2022 | Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access. |
- risk 0.86cvss 9.8epss 0.94
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged…
- risk 0.56cvss 8.6epss 0.00
Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applications may allow a denial of service. Network adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This…
- risk 0.50cvss 7.7epss 0.00
Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow an authenticated user to potentially enable denial of service via network access.
- risk 0.44cvss 6.8epss 0.00
Null pointer dereference in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability within Ring 0: Kernel may allow a denial of service. Network adversary with an unauthenticated user combined with a high complexity attack may enable denial of service. This result…
- risk 0.44cvss 6.8epss 0.00
Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access.
- risk 0.29cvss 4.4epss 0.00
Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access.
- risk 0.29cvss 4.4epss 0.00
Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be…
- risk 0.15cvss 2.3epss 0.00
Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2022-30944Aug 18, 2022risk 0.00cvss —epss 0.00
Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2022-28697Aug 18, 2022risk 0.00cvss —epss 0.00
Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
- CVE-2022-30601Aug 18, 2022risk 0.00cvss —epss 0.02
Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access.