{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), et Intel Small Business Technology versions 10.x ant\u00e9rieures \u00e0 10.0.55.3000","product":{"name":"N/A","vendor":{"name":"Intel","scada":false}}},{"description":"Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), et Intel Small Business Technology versions 9.5.x ant\u00e9rieures \u00e0 9.5.61.3012","product":{"name":"N/A","vendor":{"name":"Intel","scada":false}}},{"description":"Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), et Intel Small Business Technology versions 6.x ant\u00e9rieures \u00e0 6.2.61.3535","product":{"name":"N/A","vendor":{"name":"Intel","scada":false}}},{"description":"Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), et Intel Small Business Technology versions 8.x ant\u00e9rieures \u00e0 8.1.71.3608","product":{"name":"N/A","vendor":{"name":"Intel","scada":false}}},{"description":"Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), et Intel Small Business Technology versions 7.x ant\u00e9rieures \u00e0 7.1.91.3272","product":{"name":"N/A","vendor":{"name":"Intel","scada":false}}},{"description":"Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), et Intel Small Business Technology versions 11.5.x et 11.6.x ant\u00e9rieures \u00e0 11.6.27.3264","product":{"name":"N/A","vendor":{"name":"Intel","scada":false}}},{"description":"Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), et Intel Small Business Technology versions 9.0.x et 9.1.x ant\u00e9rieures \u00e0 9.1.41.3024","product":{"name":"N/A","vendor":{"name":"Intel","scada":false}}},{"description":"Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), et Intel Small Business Technology versions 11.0.x ant\u00e9rieures \u00e0 11.0.25.3001","product":{"name":"N/A","vendor":{"name":"Intel","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2017-5689","url":"https://www.cve.org/CVERecord?id=CVE-2017-5689"}],"links":[{"title":"1 Guide Intel","url":"https://communities.intel.com/docs/DOC-5693"},{"title":"2 Contre-mesures Intel","url":"https://downloadcenter.intel.com/download/26754"}],"reference":"CERTFR-2017-AVI-136","revisions":[{"description":"version initiale.","revision_date":"2017-05-02T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans <span class=\"textit\">les\nmicrologiciels Intel</span>. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n\nLa vuln\u00e9rabilit\u00e9 impacte le composant Advanced Management Technology\n(AMT) des micro-logiciels Intel vuln\u00e9rables. AMT est une technologie\nIntel permettant d'administrer (surveiller la disponibilit\u00e9, mettre \u00e0\njour, red\u00e9marrer, etc.) des syst\u00e8mes \u00e0 distance via un canal de\ncommunication s\u00e9par\u00e9 du syst\u00e8me d'exploitation. Les produits ISM (Intel\nStandard Manageability) et SBT (Small Business Technology) permettent\nd'acc\u00e9der \u00e0 un sous ensemble des fonctionnalit\u00e9s AMT.\n\nLes produits AMT et ISM exposent la fonctionnalit\u00e9 vuln\u00e9rable sur le\nr\u00e9seau et permettraient \u00e0 un attaquant la prise de contr\u00f4le \u00e0 distance\nd'un syst\u00e8me sans authentification au pr\u00e9alable.\n\nD'autre part, un attaquant ayant un acc\u00e8s local au syst\u00e8me vuln\u00e9rable\npourrait \u00e9lever ses privil\u00e8ges en exploitant cette vuln\u00e9rabilit\u00e9.\n\nIntel a mis \u00e0 disposition un guide permettant d'identifier si un syst\u00e8me\nest vuln\u00e9rable \\[1\\] ainsi qu'une proc\u00e9dure proposant des contre-mesures\nlorsque la mise \u00e0 jour n'est pas disponible pour le composant impact\u00e9\n\\[2\\].\n","title":"Vuln\u00e9rabilit\u00e9 dans les micrologiciels Intel","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00075 du 01 mai 2017","url":"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr"}]}