Vulnerability Note VU#491375

Intel Active Management Technology (AMT) does not properly enforce access control

Original Release date: 02 May 2017 | Last revised: 21 Dec 2017


Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.


CWE-284: Improper Access Control - CVE-2017-5689

Intel offers a number of hardware-based remote management technologies intended for maintenance of computer systems. These technologies include Intel® Active Management Technology (AMT), Intel® Small Business Technology (SBT), Intel® Standard Manageability, and the Intel Management Engine.

These technologies listen for remote commands on several known ports. Intel's documentation states that ports 16992 and 16993 provide web GUI access to AMT. Other ports that AMT may use include 16994 and 16995, and 623 and 664.

The Intel Management Engine that supports these technologies is vulnerable to a privilege escalation that allows an unauthenticated attacker to gain access to the remote management features provided by the Intel Management Engine. Intel has released a security advisory as well as a mitigation guide with more details.
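A defender-side inventory check, added here as an example (it is not part of the CERT/CC note and is not Intel's or any vendor's code): it probes the TCP ports the note lists on hosts you administer and reports which of them answer, so that machines that still need the firmware update or Intel's mitigation can be located. The fingerprint it applies to the web UI port, a Server header containing "Intel(R) Active Management Technology", is an assumption about how the AMT web interface identifies itself and is not stated in this note.

```python
"""Inventory check for Intel manageability ports named in VU#491375.

Added example, not from the CERT/CC note or from Intel. Run it against
hosts you are responsible for to find systems whose management interface
is reachable and therefore needs the firmware update or Intel's mitigation.
"""
import socket
from typing import Dict, Iterable, List, Optional

# Ports named in the note: 16992/16993 are documented as the AMT web GUI
# (HTTP/HTTPS); 16994/16995 and 623/664 are also used by Intel manageability.
AMT_PORTS = (16992, 16993, 16994, 16995, 623, 664)


def probe_ports(host: str, ports: Iterable[int] = AMT_PORTS,
                timeout: float = 1.0) -> Dict[int, bool]:
    """Return {port: True} where a TCP connect succeeded, {port: False} otherwise."""
    results: Dict[int, bool] = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:
            results[port] = False
    return results


def amt_server_header(http_response: bytes) -> Optional[str]:
    """Extract the Server header value from a raw HTTP response, or None."""
    head, _, _ = http_response.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"server":
            return value.strip().decode("latin-1")
    return None


def looks_like_amt(server_header: Optional[str]) -> bool:
    """Assumed fingerprint: the AMT web UI names itself in its Server header."""
    return bool(server_header) and "Active Management Technology" in server_header


def fetch_web_ui_banner(host: str, port: int = 16992,
                        timeout: float = 1.0) -> Optional[str]:
    """Send a HEAD request to the plain-HTTP web UI port and return its Server header."""
    request = b"HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode("idna")
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            while b"\r\n\r\n" not in data and len(data) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError:
        return None
    return amt_server_header(data)


def report(hosts: Iterable[str]) -> List[str]:
    """One line per host that exposes at least one manageability port."""
    lines: List[str] = []
    for host in hosts:
        open_ports = sorted(p for p, ok in probe_ports(host).items() if ok)
        if not open_ports:
            continue
        banner = fetch_web_ui_banner(host) if 16992 in open_ports else None
        tag = "AMT web UI" if looks_like_amt(banner) else "manageability port(s) open"
        lines.append(f"{host}: {tag} on {open_ports} {banner or ''}".rstrip())
    return lines


if __name__ == "__main__":
    import sys
    # usage: python amt_inventory.py host1 host2 ...
    for line in report(sys.argv[1:]):
        print(line)
```

Hosts that appear in the report should be cross-checked against the firmware versions in Intel's advisory; a host with none of these ports open may still run affected firmware with the interface disabled, so this check finds exposure, not patch status.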

It is currently not clear how many devices or computers ship with Intel remote management technologies enabled by default. Original equipment manufacturers (OEMs) selling devices containing Intel products may enable remote management features by default on a per-model or per-BIOS/UEFI-version basis. The CERT/CC is reaching out to OEMs to determine which models, if any, are vulnerable by default. Intel's security advisory at present indicates that consumer personal computers are unaffected by default. The "Vendor Information" section below contains more information.


A remote, unauthenticated attacker may be able to gain access to the remote management features of the system. Such code execution occurs at the hardware/firmware level, regardless of the operating system environment and its configuration.


Apply a firmware update

Intel has released updated firmware for all affected hardware generations. For the complete list of updated firmware versions for each hardware generation, see Intel's advisory, and check with your hardware vendor for the customized firmware update for your product.

Intel has also provided a mitigation guide for affected customers who do not have a firmware update available from their OEM.

Vendor Information

Vendor                                      Status         Date Notified   Date Updated
Dell                                        Affected       02 May 2017     09 May 2017
F5 Networks, Inc.                           Affected       02 May 2017     15 May 2017
Fujitsu                                     Affected       04 May 2017     11 May 2017
Hewlett Packard Enterprise                  Affected       02 May 2017     05 May 2017
HP Inc.                                     Affected       -               08 May 2017
Intel Corporation                           Affected       -               02 May 2017
Lenovo                                      Affected       02 May 2017     08 May 2017
Siemens                                     Affected       22 May 2017     27 Jun 2017
Toshiba America Information Systems, Inc.   Affected       -               22 May 2017
Check Point Software Technologies           Not Affected   02 May 2017     05 Jun 2017
Cisco                                       Not Affected   02 May 2017     03 May 2017
Fortinet, Inc.                              Not Affected   02 May 2017     21 Dec 2017
ACCESS                                      Unknown        02 May 2017     02 May 2017
Acer                                        Unknown        02 May 2017     02 May 2017
Alcatel-Lucent                              Unknown        02 May 2017     02 May 2017

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           9.3    AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal       7.3    E:POC/RL:OF/RC:C
Environmental  5.5    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND



Intel thanks Maksim Malyutin from Embedi for reporting this issue and coordinating with Intel.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2017-5689
  • Date Public: 01 May 2017
  • Date First Published: 02 May 2017
  • Date Last Updated: 21 Dec 2017
  • Document Revision: 82


If you have feedback, comments, or additional information about this vulnerability, please send us email.