Software Engineering Institute

Notified:  May 02, 2017 Updated: May 09, 2017

Statement Date:   May 06, 2017

Status

Affected

Vendor Statement

Dell is aware of the industry-wide Intel Active Management Technology vulnerability described in the Intel Security Center advisory here. We are diligently working on mitigation and will release firmware update details for these products as they become available. In the meantime, Dell recommends that customers with immediate security concerns about the vulnerability review Intel's published Detection Guide and Mitigation Guide in addition to following best practices for securing internal networks and protecting systems from unauthorized physical access.

Dell would like to thank those in the security community whose efforts help us protect customers through coordinated vulnerability disclosure.

Please note, there are no known exploitations of this vulnerability reported to date.

Vendor Information

Dell initially released the above reaction, and has since released two white papers (one white paper for laptops and desktops and one white paper for servers) with details on affected products and anticipated release dates for updated firmware. Updated firmware will begin being released on May 17th, 2017, depending on the product.

Vendor References

• http://en.community.dell.com/techcenter/extras/m/white_papers/20443914
• http://en.community.dell.com/techcenter/extras/m/white_papers/20443937

Notified:  May 02, 2017 Updated: May 15, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

F5 has released a security advisory on the issue, but has concluded that no F5 product is affected by the vulnerability.

Vendor References

• https://support.f5.com/csp/article/K94700053

Notified:  May 04, 2017 Updated: May 11, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Fujitsu has released a security advisory and updated firmware for its products. Please see the list of affected products for more details.

Vendor References

• http://support.ts.fujitsu.com/content/Intel_Firmware.asp?lng=EN
• https://sp.ts.fujitsu.com/dmsp/Publications/public/Intel-firmware-vulnerability-update-of-Fujitsu-CCD-products.pdf

Updated:  May 08, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

HP Inc. has released an advisory with a list of affected products.

Vendor References

• http://www8.hp.com/us/en/intelmanageabilityissue.html

Notified:  May 02, 2017 Updated: May 05, 2017

Statement Date:   May 05, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Current status is that some HPE products are impacted, HPE is still assessing the total impact and will update the advisory at the link below as more information is available.

Vendor References

• http://h22208.www2.hpe.com/eginfolib/securityalerts/CVE-2017-5689-Intel/CVE-2017-5689.html
• https://www.hpe.com/us/en/services/security-vulnerability.html

Updated:  May 02, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Intel has released updated firmware for all affected hardware generations. For the complete list of the updated firmware version for each generation of hardware, please see Intel's advisory and check with your hardware vendor for a firmware update.

Intel also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.

Vendor References

• https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
• https://downloadcenter.intel.com/download/26754

Notified:  May 02, 2017 Updated: May 08, 2017

Statement Date:   May 02, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Some models of ThinkCentre, ThinkPad, ThinkServer, and ThinkStation are affected, with updated firmware expected in mid-May 2017 or June 2017 depending on model. Please see Lenovo's advisory below for more details.

Vendor References

• https://support.lenovo.com/us/en/product_security/LEN-14963

Notified:  May 22, 2017 Updated: June 27, 2017

Statement Date:   June 26, 2017

Status

Affected

Vendor Statement

Several Intel processors (Intel Core i5, Intel Core i7 and Intel XEON) are susceptible to remote code execution vulnerability (CVE-2017-5689) [1]. As several Siemens Industrial

Products use Intel technology, they are also affected. Siemens has released updates for various products, is working on updates for the remaining affected products and recommends specific mitigations until fixes are available. (Please see security advisory SSA-874235 for more information).

Vendor Information

Siemens has released security advisory SSA-874235 regarding this vulnerability.

Vendor References

• https://www.siemens.com/cert/advisories/
• https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf

Updated:  May 22, 2017

Statement Date:   May 19, 2017

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Toshiba has released a security advisory with details about affected products. Patches for some systems are available now, with all affected systems expected to receive an update by July 2017.

Vendor References

• http://go.toshiba.com/intelsecuritynotice