CVE-2017-5689

CRITICAL KEV NUCLEI

Intel AMT Digest Authentication Bypass Scanner

Title source: metasploit
STIX 2.1

Exploitation Summary

CVE-2017-5689 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 28, 2022. EIP tracks 9 public exploits from researchers including nixawk, qazbnm456, embedi, including a Metasploit module auxiliary/scanner/http/intel_amt_digest_bypass. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Intel AMT by manipulating the WWW-Authenticate header to gain unauthorized access to the web interface or WS-Management service. It sends crafted HTTP requests with modified Digest authentication headers to bypass authentication and achieve a 200 OK response.

Description

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

Exploits (9)

exploitdb WORKING POC
by nixawk · pythonremotemultiple
https://www.exploit-db.com/exploits/43385

This exploit demonstrates an authentication bypass vulnerability in Intel AMT by manipulating the WWW-Authenticate header to gain unauthorized access to the web interface or WS-Management service. It sends crafted HTTP requests with modified Digest authentication headers to bypass authentication and achieve a 200 OK response.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Intel Active Management Technology (AMT) versions 6.x to 11.6
No auth needed
Prerequisites: Network access to the target system on ports 623, 664, 16992, 16993, 16994, or 16995 · Intel AMT service running on the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →
github WORKING POC 3,480 stars
by qazbnm456 · poc
https://github.com/qazbnm456/awesome-cve-poc/tree/master/CVE-2017-5689.md

The repository contains a functional Python PoC for CVE-2017-5689, an authentication bypass vulnerability in Intel AMT. The script exploits a flaw in the Digest Authentication mechanism by crafting a malicious Authorization header to bypass authentication and gain unauthorized access.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Intel Active Management Technology (AMT) firmware versions before 6.x, 7.x, 8.x, 9.x, 10.x, 11.0.x, 11.5.x, and 11.6.x
No auth needed
Prerequisites: Network access to the target Intel AMT interface (port 16992 by default)
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC 57 stars
by embedi · client-side
https://github.com/embedi/amt_auth_bypass_poc

This PoC demonstrates an authentication bypass in Intel AMT by manipulating the Authorization header in HTTP requests. It uses a mitmproxy script to blank the 'response' field in the Authorization header, exploiting CVE-2017-5689.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Intel Active Management Technology (AMT) firmware versions before 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6
No auth needed
Prerequisites: Access to the target network to intercept traffic · mitmproxy installed and configured
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER 39 stars
by CerberusSecurity · poc
https://github.com/CerberusSecurity/CVE-2017-5689

This repository contains a detection script for CVE-2017-5689, which scans for vulnerable Intel Active Management Technology (AMT) versions. The script checks for specific server banners and versions that are known to be vulnerable.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Intel Active Management Technology (AMT) versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.x
No auth needed
Prerequisites: Network access to the target IP address or range
devstral-2 · analyzed Feb 16, 2026 Full analysis →
github WORKING POC 14 stars
by xbl3 · poc
https://github.com/xbl3/awesome-cve-poc_qazbnm456/tree/master/CVE-2017-5689.md

The repository contains a functional Python PoC for CVE-2017-5689, an authentication bypass vulnerability in Intel AMT. The script exploits a flaw in the Digest Authentication mechanism by crafting a malicious Authorization header to gain unauthorized access.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Intel AMT (Active Management Technology)
No auth needed
Prerequisites: Network access to the target Intel AMT interface (port 16992)
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC 3 stars
by Bijaye · remote
https://github.com/Bijaye/intel_amt_bypass

This PoC exploits CVE-2017-5689, an authentication bypass vulnerability in Intel AMT. It crafts a malicious Digest authentication header to bypass authentication and gain unauthorized access to the AMT web interface.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Intel Active Management Technology (AMT) firmware versions before 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6
No auth needed
Prerequisites: Network access to the Intel AMT interface (typically port 16992) · Intel AMT enabled and accessible on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by MlSebrell · poc
https://github.com/MlSebrell/amthoneypot

This repository contains a honeypot implementation for CVE-2017-5689, an authentication bypass vulnerability in Intel AMT firmware. The server emulates Intel AMT behavior on port 16992, logging requests and mimicking the vulnerable authentication mechanism.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Intel Active Management Technology (AMT) 9.1.34
No auth needed
Prerequisites: Network access to target port 16992 · Intel AMT firmware with CVE-2017-5689 vulnerability
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by TheWay-hue · remote
https://github.com/TheWay-hue/CVE-2017-5689-Checker

This repository contains a Python script that checks for and exploits CVE-2017-5689, an authentication bypass vulnerability in Intel AMT. The script sends a crafted WWW-Authenticate header to bypass authentication and verify vulnerability.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Intel Active Management Technology (AMT) versions before 11.8.50, 11.11.50, 11.22.50, and 12.0.35
No auth needed
Prerequisites: List of target IPs with Intel AMT exposed on port 16992
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/intel_amt_digest_bypass.rb

This Metasploit module exploits CVE-2017-5689, an authentication bypass in Intel AMT by sending a blank HTTP digest response. It scans for vulnerable endpoints and confirms exploitation by retrieving system information.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Intel Active Management Technology (AMT)
No auth needed
Prerequisites: Network access to Intel AMT endpoint (ports 16992, 16993, 623, or 624)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Intel Active Management - Authentication Bypass
CRITICALVERIFIEDby pdteam
Shodan: title:"Active Management Technology" || http.title:"active management technology"
FOFA: title="active management technology"

References (12)

Core 12
Core References
Technical Description, Third Party Advisory x_refsource_misc
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98269
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038385
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20170509-0001/
Broken Link, Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
Patch, Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Broken Link, Third Party Advisory x_refsource_misc
https://www.embedi.com/news/mythbusters-cve-2017-5689
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf

Scores

CVSS v3 9.8
EPSS 0.9419
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2022-01-28
VulnCheck KEV 2021-08-17
InTheWild.io 2022-01-28
ENISA EUVD EUVD-2017-14766
CWE
CWE-269
Status published
Products (49)
hpe/proliant_ml10_gen9_server_firmware 5.0
intel/active_management_technology_firmware 6.0
intel/active_management_technology_firmware 6.1
intel/active_management_technology_firmware 6.2
intel/active_management_technology_firmware 7.0
intel/active_management_technology_firmware 7.1
intel/active_management_technology_firmware 8.0
intel/active_management_technology_firmware 8.1
intel/active_management_technology_firmware 9.0
intel/active_management_technology_firmware 9.1
... and 39 more
Published May 02, 2017
KEV Added Jan 28, 2022
Tracked Since Feb 18, 2026