Vulnerability Note VU#491375
Intel Active Management Technology (AMT) does not properly enforce access control
Original Release date: 02 May 2017 | Last revised: 27 Jun 2017

Overview
Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.

Description
CWE-284: Improper Access Control – CVE-2017-5689
Intel offers a number of hardware-based remote management technologies meant for maintenance of computer systems.

These technologies include Intel® Active Management Technology (AMT), Intel® Small Business Technology (SBT), and Intel® Standard Manageability, and the Intel Management Engine.

These technologies listen for remote commands on several known ports.
Intel’s documentation provides that ports 16992 and 16993 allow web GUI interaction with AMT. Other ports that may be used by AMT include 16994 and 16995, and 623 and 664.

The Intel Management Engine that supports these technologies is vulnerable to a privilege escalation that allows an unauthenticated attacker to gain access to the remote management features provided by the Intel Management Engine. Intel has released a security advisory as well as a mitigation guide with more details.

It is currently not clear how many devices or computers are shipped with Intel remote management technologies enabled by default. Original equipment manufacturers (OEMs) selling devices containing Intel products may enable remote management features by default on a model or BIOS/UEFI version basis.

The CERT/CC is reaching out to OEMs to determine which if any models may be vulnerable by default.
Intel’s security advisory at present suggests consumer personal computers are unaffected by default.

The "Vendor Informationquot; section below contains more information.

Impact
A remote, unauthenticated attacker may be able to gain access to the remote management features of the system.

The execution occurs at a hardware system level regardless of operating system environment and configuration.

Solution
Apply a firmware update

Intel has released updated firmware for all affected hardware generations.

For the complete list of the updated firmware version for each generation of hardware, please see Intel’s advisory and check with your hardware vendor for a customized firmware update for your product.

Intel has also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate UpdatedDellAffected02 May 201709 May 2017
F5 Networks, Inc.Affected02 May 201715 May 2017
FujitsuAffected04 May 201711 May 2017
Hewlett Packard EnterpriseAffected02 May 201705 May 2017
HP Inc.Affected-08 May 2017
Intel CorporationAffected-02 May 2017
LenovoAffected02 May 201708 May 2017
SiemensAffected22 May 201727 Jun 2017
Toshiba America Information Systems, Inc.Affected-22 May 2017
Check Point Software TechnologiesNot Affected02 May 201705 Jun 2017
CiscoNot Affected02 May 201703 May 2017
ACCESSUnknown02 May 201702 May 2017
AcerUnknown02 May 201702 May 2017
Alcatel-LucentUnknown02 May 201702 May 2017
AsusTek Computer Inc.Unknown02 May 201702 May 2017If you are a vendor and your product is affected, let
us know.View More &raquo

CVSS Metrics (Learn More)

Group
Score
Vector

Base
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal
7.3
E:POC/RL:OF/RC:C

Environmental
5.5
CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075languageid=en-fr
https://downloadcenter.intel.com/download/26754
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
https://www.ssh.com/vulnerability/intel-amt/
https://software.intel.com/sites/default/files/article/393789/amt-9-start-here-guide.pdf
http://download.intel.com/support/motherboards/desktop/sb/intel_mebx_user_guide_for_7series.pdf
https://www.symantec.com/connect/articles/why-must-intel-amt-be-configured-and-what-required
http://cwe.mitre.org/data/definitions/284.html

Credit

Intel thanks Maksim Malyutin from Embedi for reporting this issue and coordinating with Intel.
This document was written by Garret Wassermann.

Other Information

CVE IDs:
CVE-2017-5689

Date Public:
01 May 2017

Date First Published:
02 May 2017

Date Last Updated:
27 Jun 2017

Document Revision:
81

FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.

Leave a Reply