An Elevation of privilege vulnerability in Intel’s Management solutions, was confirmed by Intel who released INTEL-SA-00075 for the same. The vulnerability can allow an unprivileged attacker to take over the management features. This vulnerability is assigned ID CVE-2017-5689, it rated as critical for affected targets. It is important to note that this bug does not affect PCs with consumer firmware, Intel servers with Intel® Server Platform Services, Intel Xeon Processor E3 and Intel® Xeon® Processor E5 workstations on Intel® SPS firmware.
Affected products:
- Intel® Active Management Technology (AMT)
- Intel® Standard Manageability (ISM)
- Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6
Intel has provided a discovery tool for IT administrators to detect vulnerable targets on the network. The tool comes in two variations, an interactive GUI tool that discovers the hardware and software information of the device and provides indication of vulnerability. The second version of the tool is a console executable that obtains the discovery information and saves it to Windows* registry and/or to an XML file. Intel is also maintaining a tentative list of PC manufacturers who have updated their firmware to address this vulnerability.
Mitigation:
Qualys request organizations to scan their network with the QID 43506 to detect vulnerable targets. Also Intel has provided a mitigation guide to assist administrators in Unprovisioning Intel SKU clients and Disabling or removing the Local Manageability. We request you follow ThreatProtect for more updates regarding this vulnerability.
References:
INTEL-SA-00075
Embedi
Important Security Information about Intel Manageability Firmware
Intel Mitigation Guide
Discovery Tool
CVE-2017-5689