Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.
CWE-284: Improper Access Control - CVE-2017-5689
Intel offers a number of hardware-based remote management technologies meant for maintenance of computer systems. These technologies include Intel® Active Management Technology (AMT), Intel® Small Business Technology (SBT), and Intel® Standard Manageability, and the Intel Management Engine.
A remote, unauthenticated attacker may be able to gain access to the remote management features of the system. The execution occurs at a hardware system level regardless of operating system environment and configuration.
Apply a firmware update
F5 Networks, Inc. Affected
HP Inc. Affected
Hewlett Packard Enterprise Affected
Intel Corporation Affected
Check Point Software Technologies Not Affected
Cisco Not Affected
Fortinet, Inc. Not Affected
AsusTek Computer Inc. Unknown
Avaya, Inc. Unknown
Blue Coat Systems Unknown
CA Technologies Unknown
D-Link Systems, Inc. Unknown
Enterasys Networks Unknown
Extreme Networks Unknown
Force10 Networks Unknown
Huawei Technologies Unknown
IBM Corporation Unknown
Juniper Networks Unknown
Q1 Labs Unknown
TippingPoint Technologies Inc. Unknown
VAIO Corporation Unknown
Wind River Unknown
Intel thanks Maksim Malyutin from Embedi for reporting this issue and coordinating with Intel.
This document was written by Garret Wassermann.
|Date First Published:||2017-05-02|
|Date Last Updated:||2017-12-21 18:17 UTC|