Script http-vuln-cve2017-5689
Script types:
portrule
Categories:
vuln, auth, exploit
Download: https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-5689.nse
Script Summary
Detects if a system with Intel Active Management Technology is vulnerable to the INTEL-SA-00075 privilege escalation vulnerability (CVE-2017-5689).
This script determines if a target is vulnerable by attempting to perform digest authentication with a blank response parameter. If the authentication succeeds, an HTTP 200 response is received.
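A defender-side counterpart to the check described above, as an added example that is not part of the Nmap script: it scans web or proxy log records for Digest Authorization headers whose response parameter is blank, and separates requests the server accepted (HTTP 200) from ones it refused. The record layout, field names and sample values are constructed for illustration.

```python
import re

# key=value pairs of a Digest Authorization header; values may be quoted or bare.
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]*))')

def parse_digest(header):
    """Return the Digest parameters as a dict, or None if the scheme is not Digest."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "digest":
        return None
    return {m.group(1).lower(): (m.group(2) if m.group(2) is not None else m.group(3))
            for m in _PARAM.finditer(rest)}

def classify(record):
    """'bypass' = blank response accepted (HTTP 200), 'probe' = blank response refused."""
    params = parse_digest(record.get("authorization", ""))
    # A missing response parameter is treated like a blank one (assumption of this example).
    if params is None or params.get("response", ""):
        return None
    return "bypass" if record["status"] == 200 else "probe"

def scan(records):
    """Return (source, verdict) for every record that carries a blank digest response."""
    return [(r["src"], v) for r in records if (v := classify(r))]

# Constructed sample records (not real traffic); field names are hypothetical.
_DIGEST = ('Digest username="admin", realm="Digest:CONSTRUCTED", nonce="n0nce", '
           'uri="/index.htm", qop=auth, nc=00000001, cnonce="c1", response="%s"')
SAMPLE = [
    {"src": "192.0.2.10", "status": 200, "authorization": _DIGEST % ""},
    {"src": "192.0.2.11", "status": 401, "authorization": _DIGEST % ""},
    {"src": "192.0.2.12", "status": 200, "authorization": _DIGEST % ("a" * 32)},
    {"src": "192.0.2.13", "status": 200, "authorization": "Basic Y29uc3RydWN0ZWQ="},
    {"src": "192.0.2.14", "status": 401},
]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE):
        print(src, verdict)
```

A "bypass" verdict means the host answered a blank digest with HTTP 200 and should be treated as vulnerable and possibly accessed; a "probe" verdict is the same request refused by the server.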
References:
Script Arguments
- slaxml.debug
See the documentation for the slaxml library.
- http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
See the documentation for the http library.
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
- vulns.short, vulns.showall
See the documentation for the vulns library.
Example Usage
nmap -p 16992 --script http-vuln-cve2017-5689 <target>
Script Output
PORT      STATE SERVICE       REASON
16992/tcp open  amt-soap-http syn-ack
| http-vuln-cve2017-5689:
|   VULNERABLE:
|   Intel Active Management Technology INTEL-SA-00075 Authentication Bypass
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-5689  BID:98269
|     Risk factor: High  CVSSv2: 10.0 (HIGH) (AV:N/AC:L/AU:N/C:C/I:C/A:C)
|       Intel Active Management Technology is vulnerable to an authentication bypass that
|       can be exploited by performing digest authentication and sending a blank response
|       digest parameter.
|
|     Disclosure date: 2017-05-01
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5689
|       https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
|       http://www.securityfocus.com/bid/98269
|       https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
|       https://www.embedi.com/news/what-you-need-know-about-intel-amt-vulnerability
|_      https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html