CVE-2017-5689

9.8 CRITICAL

📋 TL;DR

CVE-2017-5689 allows unprivileged attackers to gain system-level access to Intel management features. Both network and local attackers can exploit this to provision Intel Active Management Technology (AMT), Standard Manageability (ISM), or Small Business Technology (SBT). This affects systems with Intel vPro, Xeon, and Core processors with these management features enabled.

💻 Affected Systems

Products:
  • Intel Active Management Technology (AMT)
  • Intel Standard Manageability (ISM)
  • Intel Small Business Technology (SBT)
Versions: 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, 11.6, 11.7, 11.8, 11.9, 11.10, 11.11
Operating Systems: All operating systems running on affected Intel hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Intel management features to be provisioned/enabled. Affects Intel Core vPro, Xeon E3 v5/v6, and other Intel processors with AMT/ISM/SBT.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing remote attackers to execute arbitrary code, persist across reboots, and bypass all security controls including firewalls and endpoint protection.

🟠 Likely Case

Attackers gain persistent remote access to systems, allowing data exfiltration, ransomware deployment, or joining systems to botnets.

🟢 If Mitigated

With AMT/ISM/SBT disabled or properly configured with strong authentication, impact is limited to local privilege escalation.

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication over HTTP/HTTPS on ports 16992-16995.
🏢 Internal Only: HIGH - Local attackers can exploit to gain network/system privileges even without internet access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit tools like 'Silent Bob is Silent' and 'Intel AMT Vulnerability Checker' are publicly available. Attack requires network access to AMT web interface ports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Intel ME Firmware versions 11.8.50, 11.11.50, 11.22.50 or later

Vendor Advisory: https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf

Restart Required: Yes

Instructions:

1. Download the Intel ME Firmware update from the manufacturer/OEM website.
2. Run the firmware update utility.
3. Reboot the system.
4. Verify that the ME firmware version is patched.

🔧 Temporary Workarounds

Disable Intel AMT/ISM/SBT (platform: all)

Disable Intel management features in BIOS/UEFI settings.

Block AMT network ports (platform: all)

Block ports 16992-16995 at the firewall.

Linux (iptables):
iptables -A INPUT -p tcp --dport 16992:16995 -j DROP

Windows (netsh):
netsh advfirewall firewall add rule name="Block Intel AMT" dir=in action=block protocol=TCP localport=16992-16995

🧯 If You Can't Patch

  • Disable Intel AMT/ISM/SBT in BIOS/UEFI settings immediately
  • Implement strict network segmentation and firewall rules blocking ports 16992-16995

🔍 How to Verify

Check if Vulnerable:

Use the Intel-SA-00075 Detection Tool, or check the ME firmware version manually:

Windows: wmic /namespace:\\root\wmi path Intel_ME_SystemInfo get FirmwareVersion
Linux: dmidecode -t bios

Check Version:

wmic /namespace:\\root\wmi path Intel_ME_SystemInfo get FirmwareVersion

Verify Fix Applied:

Verify ME firmware version is 11.8.50, 11.11.50, 11.22.50 or later using same commands
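A naive "is the version number higher than 11.8.50?" comparison gets this wrong, because the fix is per firmware branch: 11.10.x is numerically above 11.8.50 but has no fixed build listed on this page. The following is an added example (not Intel's tool or the page's own code) that checks a version string as printed by the commands above against the three fixed builds listed here, and reports "unknown" for any affected branch the page gives no fix for; the branch table and the affected-major list are taken from this page, everything else is an assumption.

```python
# Added example: assess an Intel ME firmware version string against the
# patched builds listed on this page (11.8.50, 11.11.50, 11.22.50).
# This is not Intel's detection tool; it only encodes what the page states.
from typing import Tuple

# Minimum fixed build per (major, minor) branch, as listed on this page.
FIXED_BY_BRANCH = {
    (11, 8): (11, 8, 50),
    (11, 11): (11, 11, 50),
    (11, 22): (11, 22, 50),
}

# Major versions the page lists as affected (6.x through 11.x).
AFFECTED_MAJORS = {6, 7, 8, 9, 10, 11}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a string such as '11.8.50.3425' into a tuple of ints.

    The wmic/dmidecode output is assumed to print the version in this
    dotted form; a fourth field (build number) is optional.
    """
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised ME version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """Return 'patched', 'vulnerable', 'unknown' or 'not listed'."""
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch in FIXED_BY_BRANCH:
        # Compare major.minor.hotfix only; the build number is ignored.
        return "patched" if v[:3] >= FIXED_BY_BRANCH[branch] else "vulnerable"
    if v[0] in AFFECTED_MAJORS:
        # Affected major, but no fixed build for this branch on the page.
        # Do NOT fall back to a plain numeric compare: 11.10.x > 11.8.50
        # would be reported as patched, which the page does not support.
        return "unknown"
    return "not listed"


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for sample in ["11.8.50.3425", "11.8.49.1234", "11.22.50.0", "11.10.0.5", "12.0.0.1"]:
        print(f"{sample:<14} -> {assess(sample)}")
```

Treat "unknown" as "ask the OEM for this branch's fixed build", not as safe.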

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts on AMT web interface
  • Unexpected provisioning events in Intel ME logs
  • System logs showing AMT configuration changes

Network Indicators:

  • Unusual traffic on ports 16992-16995
  • HTTP/HTTPS requests to AMT web interface from unexpected sources
  • AMT provisioning requests

SIEM Query:

source_port IN (16992, 16993, 16994, 16995) OR dest_port IN (16992, 16993, 16994, 16995)
