CVE-2017-5697 Information

Description

Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000 9.5.60.1952 10.0.50.1004 11.0.0.1205 and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker’s crafted web page.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Reference

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00081&languageid=en-fr

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.5