Vulnerability Note VU#491375

Intel Active Management Technology (AMT) does not properly enforce access control

Original Release date: 02 May 2017 | Last revised: 22 May 2017

Overview

Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.

Description

CWE-284: Improper Access Control - CVE-2017-5689

Intel offers a number of hardware-based remote management technologies meant for maintenance of computer systems. These technologies include Intel® Active Management Technology (AMT), Intel® Small Business Technology (SBT), and Intel® Standard Manageability, and the Intel Management Engine.

These technologies listen for remote commands on several known ports. Intel's documentation provides that ports 16992 and 16993 allow web GUI interaction with AMT. Other ports that may be used by AMT include 16994 and 16995, and 623 and 664.

The Intel Management Engine that supports these technologies is vulnerable to a privilege escalation that allows an unauthenticated attacker to gain access to the remote management features provided by the Intel Management Engine. Intel has released a security advisory as well as a mitigation guide with more details.

It is currently not clear how many devices or computers are shipped with Intel remote management technologies enabled by default. Original equipment manufacturers (OEMs) selling devices containing Intel products may enable remote management features by default on a model or BIOS/UEFI version basis. The CERT/CC is reaching out to OEMs to determine which if any models may be vulnerable by default. Intel's security advisory at present suggests consumer personal computers are unaffected by default. The "Vendor Information" section below contains more information.

Impact

A remote, unauthenticated attacker may be able to gain access to the remote management features of the system. The execution occurs at a hardware system level regardless of operating system environment and configuration.

Solution

Apply a firmware update

Intel has released updated firmware for all affected hardware generations. For the complete list of the updated firmware version for each generation of hardware, please see Intel's advisory and check with your hardware vendor for a customized firmware update for your product.

Intel has also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
DellAffected02 May 201709 May 2017
F5 Networks, Inc.Affected02 May 201715 May 2017
FujitsuAffected04 May 201711 May 2017
Hewlett Packard EnterpriseAffected02 May 201705 May 2017
HP Inc.Affected-08 May 2017
Intel CorporationAffected-02 May 2017
LenovoAffected02 May 201708 May 2017
Toshiba America Information Systems, Inc.Affected-22 May 2017
CiscoNot Affected02 May 201703 May 2017
ACCESSUnknown02 May 201702 May 2017
AcerUnknown02 May 201702 May 2017
Alcatel-LucentUnknown02 May 201702 May 2017
AsusTek Computer Inc.Unknown02 May 201702 May 2017
AT&TUnknown02 May 201702 May 2017
Avaya, Inc.Unknown02 May 201702 May 2017
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal 7.3 E:POC/RL:OF/RC:C
Environmental 5.5 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Intel thanks Maksim Malyutin from Embedi for reporting this issue and coordinating with Intel.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2017-5689
  • Date Public: 01 May 2017
  • Date First Published: 02 May 2017
  • Date Last Updated: 22 May 2017
  • Document Revision: 73

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.