Intel Active Management Technology (AMT) Web UI Clickjacking Weakness (INTEL-SA-00081) (remote check)

Medium Nessus Plugin ID 101165


The management engine on the remote host is affected by a clickjacking weakness.


The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and according to its self-reported version in the banner, it is running Intel manageability firmware version 9.0.x or 9.1.x prior to, 9.5.x prior to, 10.0.x prior to, 11.0.x prior to, or 11.6.x prior to It is, therefore, affected by a clickjacking weakness in the web user interface due to a failure to conceal hyperlinks beneath legitimate, clickable content using opaque overlays. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to make users perform unintended actions or to hijack users' web clicks.


Contact your system OEM for updated firmware per the vendor advisory.

See Also

Plugin Details

Severity: Medium

ID: 101165

File Name: intel_sa_00081.nasl

Version: $Revision: 1.2 $

Type: remote

Family: Web Servers

Published: 2017/06/30

Modified: 2017/08/15

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 6.5

Temporal Score: 6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/h:intel:active_management_technology, cpe:/o:intel:active_management_technology_firmware

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/06/13

Vulnerability Publication Date: 2017/06/13

Reference Information

CVE: CVE-2017-5697

BID: 99064

OSVDB: 159118

IAVA: 2017-A-0186