Potential denial of service or escalation of privilege.
Source: Intel
Reported By: Intel
Potential security vulnerabilities have been identified with certain versions of Intel Active Management Technology, Management Engine Firmware, and Management Engine Software.
The Cumulative Security update and WPA2 vulnerability fix impacts ME versions 11.x, 10.x, 9.x, and 8.x. The Cumulative Security fix addresses vulnerabilities that could potentially place impacted platforms at risk.
The WPA2 fix addresses vulnerabilities associated with handling of WPA/WPA2 keys as part of a wireless network and will help prevent unauthorized access to the network. The Wi-Fi fix addresses potential denial-of-service attacks in wireless networks.
> note:
>
> For the WPA2 vulnerability and the Intel ME firmware update, software driver fixes for WLAN devices are also needed. They are available via the following Security Bulletin: HPSBHF03582 rev. 2 - KRACK Vulnerability Affecting WPA2 Wireless Security.
HP has provided updates for the Intel ME firmware. Impacted HP platforms are shown in the tables below.