Lucene search

CERTVU:491375

HistoryMay 02, 2017 - 12:00 a.m.

Intel Active Management Technology (AMT) does not properly enforce access control

2017-05-0200:00:00

www.kb.cert.org

123

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Overview

Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.

Description

CWE-284: Improper Access Control - CVE-2017-5689

Intel offers a number of hardware-based remote management technologies meant for maintenance of computer systems. These technologies include Intel® Active Management Technology (AMT), Intel® Small Business Technology (SBT), and Intel® Standard Manageability, and the Intel Management Engine.

These technologies listen for remote commands on several known ports. Intel’s documentation provides that ports 16992 and 16993 allow web GUI interaction with AMT. Other ports that may be used by AMT include 16994 and 16995, and 623 and 664.

The Intel Management Engine that supports these technologies is vulnerable to a privilege escalation that allows an unauthenticated attacker to gain access to the remote management features provided by the Intel Management Engine. Intel has released a security advisory as well as a mitigation guide with more details.

It is currently not clear how many devices or computers are shipped with Intel remote management technologies enabled by default. Original equipment manufacturers (OEMs) selling devices containing Intel products may enable remote management features by default on a model or BIOS/UEFI version basis. The CERT/CC is reaching out to OEMs to determine which if any models may be vulnerable by default. Intel’s security advisory at present suggests consumer personal computers are unaffected by default. The “Vendor Information” section below contains more information.

Impact

A remote, unauthenticated attacker may be able to gain access to the remote management features of the system. The execution occurs at a hardware system level regardless of operating system environment and configuration.

Solution

Apply a firmware update

Intel has released updated firmware for all affected hardware generations. For the complete list of the updated firmware version for each generation of hardware, please see Intel’s advisory and check with your hardware vendor for a customized firmware update for your product.

Intel has also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.

Vendor Information

491375

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Dell __ Affected

Notified: May 02, 2017 Updated: May 09, 2017

Statement Date: May 06, 2017

Status

Affected

Vendor Statement

Dell is aware of the industry-wide Intel Active Management Technology vulnerability described in the Intel Security Center advisory here. We are diligently working on mitigation and will release firmware update details for these products as they become available. In the meantime, Dell recommends that customers with immediate security concerns about the vulnerability review Intel’s published Detection Guide and Mitigation Guide in addition to following best practices for securing internal networks and protecting systems from unauthorized physical access.

Dell would like to thank those in the security community whose efforts help us protect customers through coordinated vulnerability disclosure.

Please note, there are no known exploitations of this vulnerability reported to date.

Vendor Information

Dell initially released the above reaction, and has since released two white papers (one white paper for laptops and desktops and one white paper for servers) with details on affected products and anticipated release dates for updated firmware. Updated firmware will begin being released on May 17th, 2017, depending on the product.

Vendor References

F5 Networks, Inc. __ Affected

Notified: May 02, 2017 Updated: May 15, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

F5 has released a security advisory on the issue, but has concluded that no F5 product is affected by the vulnerability.

Vendor References

<https://support.f5.com/csp/article/K94700053>

Fujitsu __ Affected

Notified: May 04, 2017 Updated: May 11, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Fujitsu has released a security advisory and updated firmware for its products. Please see the list of affected products for more details.

Vendor References

HP Inc. __ Affected

Updated: May 08, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

HP Inc. has released an advisory with a list of affected products.

Vendor References

<http://www8.hp.com/us/en/intelmanageabilityissue.html>

Hewlett Packard Enterprise __ Affected

Notified: May 02, 2017 Updated: May 05, 2017

Statement Date: May 05, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Current status is that some HPE products are impacted, HPE is still assessing the total impact and will update the advisory at the link below as more information is available.

Vendor References

Intel Corporation __ Affected

Updated: May 02, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Intel also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.

Vendor References

Lenovo __ Affected

Notified: May 02, 2017 Updated: May 08, 2017

Statement Date: May 02, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Some models of ThinkCentre, ThinkPad, ThinkServer, and ThinkStation are affected, with updated firmware expected in mid-May 2017 or June 2017 depending on model. Please see Lenovo’s advisory below for more details.

Vendor References

<https://support.lenovo.com/us/en/product_security/LEN-14963>

Siemens __ Affected

Notified: May 22, 2017 Updated: June 27, 2017

Statement Date: June 26, 2017

Status

Affected

Vendor Statement

Several Intel processors (Intel Core i5, Intel Core i7 and Intel XEON) are susceptible to remote code execution vulnerability (CVE-2017-5689) [1]. As several Siemens Industrial

Products use Intel technology, they are also affected. Siemens has released updates for various products, is working on updates for the remaining affected products and recommends specific mitigations until fixes are available. (Please see security advisory SSA-874235 for more information).

Vendor Information

Siemens has released security advisory SSA-874235 regarding this vulnerability.

Vendor References

Toshiba America Information Systems, Inc. __ Affected

Updated: May 22, 2017

Statement Date: May 19, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Toshiba has released a security advisory with details about affected products. Patches for some systems are available now, with all affected systems expected to receive an update by July 2017.

Vendor References

<http://go.toshiba.com/intelsecuritynotice>

Check Point Software Technologies __ Not Affected

Notified: May 02, 2017 Updated: June 05, 2017

Statement Date: June 04, 2017

Status

Not Affected

Vendor Statement

Check Point appliances are not affected by the Intel Vulnerability which affects the Intel AMT, SBT and ISM technology management features:

* The built-in firmware on the Check Point appliances does not have these Intel management features
* Check Point appliances do not provide a physical means to access / enable the Intel management technologies noted as a vulnerability

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

* [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk117218](&lt;https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk117218&gt;)

Cisco __ Not Affected

Notified: May 02, 2017 Updated: May 03, 2017

Statement Date: May 03, 2017

Status

Not Affected

Vendor Statement

We have been evaluating this issue, and it has been determined that Cisco UCS Servers both Blade and Chassis variants are NOT affected by this issue. Cisco UCS Servers utilize Intel Server Platform Services (SPS) and not AMT, ISM, or SBT. We have confirmed with Intel that SPS is not affected by this vulnerability.