9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.
CWE-284: Improper Access Control - CVE-2017-5689
Intel offers a number of hardware-based remote management technologies meant for maintenance of computer systems. These technologies include Intelยฎ Active Management Technology (AMT), Intelยฎ Small Business Technology (SBT), and Intelยฎ Standard Manageability, and the Intel Management Engine.
These technologies listen for remote commands on several known ports. Intelโs documentation provides that ports 16992 and 16993 allow web GUI interaction with AMT. Other ports that may be used by AMT include 16994 and 16995, and 623 and 664.
The Intel Management Engine that supports these technologies is vulnerable to a privilege escalation that allows an unauthenticated attacker to gain access to the remote management features provided by the Intel Management Engine. Intel has released a security advisory as well as a mitigation guide with more details.
It is currently not clear how many devices or computers are shipped with Intel remote management technologies enabled by default. Original equipment manufacturers (OEMs) selling devices containing Intel products may enable remote management features by default on a model or BIOS/UEFI version basis. The CERT/CC is reaching out to OEMs to determine which if any models may be vulnerable by default. Intelโs security advisory at present suggests consumer personal computers are unaffected by default. The โVendor Informationโ section below contains more information.
A remote, unauthenticated attacker may be able to gain access to the remote management features of the system. The execution occurs at a hardware system level regardless of operating system environment and configuration.
Apply a firmware update
Intel has released updated firmware for all affected hardware generations. For the complete list of the updated firmware version for each generation of hardware, please see Intelโs advisory and check with your hardware vendor for a customized firmware update for your product.
Intel has also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.
491375
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: May 02, 2017 Updated: May 09, 2017
Statement Date: May 06, 2017
Affected
Dell is aware of the industry-wide Intel Active Management Technology vulnerability described in the Intel Security Center advisory here. We are diligently working on mitigation and will release firmware update details for these products as they become available. In the meantime, Dell recommends that customers with immediate security concerns about the vulnerability review Intelโs published Detection Guide and Mitigation Guide in addition to following best practices for securing internal networks and protecting systems from unauthorized physical access.
Dell would like to thank those in the security community whose efforts help us protect customers through coordinated vulnerability disclosure.
Please note, there are no known exploitations of this vulnerability reported to date.
Dell initially released the above reaction, and has since released two white papers (one white paper for laptops and desktops and one white paper for servers) with details on affected products and anticipated release dates for updated firmware. Updated firmware will begin being released on May 17th, 2017, depending on the product.
Notified: May 02, 2017 Updated: May 15, 2017
Affected
We have not received a statement from the vendor.
F5 has released a security advisory on the issue, but has concluded that no F5 product is affected by the vulnerability.
Notified: May 04, 2017 Updated: May 11, 2017
Affected
We have not received a statement from the vendor.
Fujitsu has released a security advisory and updated firmware for its products. Please see the list of affected products for more details.
Updated: May 08, 2017
Affected
We have not received a statement from the vendor.
HP Inc. has released an advisory with a list of affected products.
Notified: May 02, 2017 Updated: May 05, 2017
Statement Date: May 05, 2017
Affected
We have not received a statement from the vendor.
Current status is that some HPE products are impacted, HPE is still assessing the total impact and will update the advisory at the link below as more information is available.
Updated: May 02, 2017
Affected
We have not received a statement from the vendor.
Intel has released updated firmware for all affected hardware generations. For the complete list of the updated firmware version for each generation of hardware, please see Intelโs advisory and check with your hardware vendor for a firmware update.
Intel also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.
Notified: May 02, 2017 Updated: May 08, 2017
Statement Date: May 02, 2017
Affected
We have not received a statement from the vendor.
Some models of ThinkCentre, ThinkPad, ThinkServer, and ThinkStation are affected, with updated firmware expected in mid-May 2017 or June 2017 depending on model. Please see Lenovoโs advisory below for more details.
Notified: May 22, 2017 Updated: June 27, 2017
Statement Date: June 26, 2017
Affected
Several Intel processors (Intel Core i5, Intel Core i7 and Intel XEON) are susceptible to remote code execution vulnerability (CVE-2017-5689) [1]. As several Siemens Industrial
Products use Intel technology, they are also affected. Siemens has released updates for various products, is working on updates for the remaining affected products and recommends specific mitigations until fixes are available. (Please see security advisory SSA-874235 for more information).
Siemens has released security advisory SSA-874235 regarding this vulnerability.
Updated: May 22, 2017
Statement Date: May 19, 2017
Affected
We have not received a statement from the vendor.
Toshiba has released a security advisory with details about affected products. Patches for some systems are available now, with all affected systems expected to receive an update by July 2017.
Notified: May 02, 2017 Updated: June 05, 2017
Statement Date: June 04, 2017
Not Affected
Check Point appliances are not affected by the Intel Vulnerability which affects the Intel AMT, SBT and ISM technology management features:
* The built-in firmware on the Check Point appliances does not have these Intel management features
* Check Point appliances do not provide a physical means to access / enable the Intel management technologies noted as a vulnerability
We are not aware of further vendor information regarding this vulnerability.
* [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk117218](<https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk117218>)
Notified: May 02, 2017 Updated: May 03, 2017
Statement Date: May 03, 2017
Not Affected
We have been evaluating this issue, and it has been determined that Cisco UCS Servers both Blade and Chassis variants are NOT affected by this issue. Cisco UCS Servers utilize Intel Server Platform Services (SPS) and not AMT, ISM, or SBT. We have confirmed with Intel that SPS is not affected by this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 02, 2017 Updated: December 21, 2017
Statement Date: December 20, 2017
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
Notified: May 02, 2017 Updated: May 02, 2017
Unknown
We have not received a statement from the vendor.
View all 40 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 7.3 | E:POC/RL:OF/RC:C |
Environmental | 5.5 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Intel thanks Maksim Malyutin from Embedi for reporting this issue and coordinating with Intel.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2017-5689 |
---|---|
Date Public: | 2017-05-01 Date First Published: |
cwe.mitre.org/data/definitions/284.html
download.intel.com/support/motherboards/desktop/sb/intel_mebx_user_guide_for_7series.pdf
downloadcenter.intel.com/download/26754
security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
software.intel.com/sites/default/files/article/393789/amt-9-start-here-guide.pdf
www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
www.ssh.com/vulnerability/intel-amt/
www.symantec.com/connect/articles/why-must-intel-amt-be-configured-and-what-required
www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%