Vulnerabilities > Intel > Active Management Technology Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-17 | CVE-2019-0097 | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access. | 4.9 |
| 2019-05-17 | CVE-2019-0094 | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access. | 4.3 |
| 2019-05-17 | CVE-2019-0092 | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 6.8 |
| 2019-03-14 | CVE-2018-12187 | Improper Input Validation vulnerability in Intel Active Management Technology Firmware 11.0/11.10/11.20 Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access. | 5.0 |
| 2018-09-12 | CVE-2018-3658 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access. | 5.3 |
| 2018-09-12 | CVE-2018-3657 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. | 6.7 |
| 2018-09-12 | CVE-2018-3616 | Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network. | 5.9 |
| 2017-09-05 | CVE-2017-5698 | Unspecified vulnerability in Intel products Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges. | 4.4 |
| 2017-06-14 | CVE-2017-5697 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Intel Active Management Technology Firmware Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page. | 6.5 |