Intel AMT® Upgradable to Vulnerable Firmware

Summary:

Intel® Active Management Technology, Intel® Standard Manageability, and Intel® Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges.

Description:

Intel® Active Management Technology, Intel® Standard Manageability, and Intel® Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges.

• Medium 6.3 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

This version of firmware can potentially impact Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) or Intel® Small Business Technology (SBT). Consumer PCs with consumer firmware and data center servers using Intel® Server Platform Services are not affected by this vulnerability.

Affected products:

Intel® Active Management Technology, Intel® Standard Manageability, and Intel® Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000

Recommendations:

Intel recommends that users contact their system manufacturers for updated firmware which mitigates this issue.

Acknowledgements:

This issue was discovered during Intel internal validation.