search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Intel Active Management Technology (AMT) does not properly enforce access control

Vulnerability Note VU#491375

Original Release Date: 2017-05-02 | Last Revised: 2017-12-21

Overview

Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.

Description

CWE-284: Improper Access Control - CVE-2017-5689

Intel offers a number of hardware-based remote management technologies meant for maintenance of computer systems. These technologies include Intel® Active Management Technology (AMT), Intel® Small Business Technology (SBT), and Intel® Standard Manageability, and the Intel Management Engine.

These technologies listen for remote commands on several known ports. Intel's documentation provides that ports 16992 and 16993 allow web GUI interaction with AMT. Other ports that may be used by AMT include 16994 and 16995, and 623 and 664.

The Intel Management Engine that supports these technologies is vulnerable to a privilege escalation that allows an unauthenticated attacker to gain access to the remote management features provided by the Intel Management Engine. Intel has released a security advisory as well as a mitigation guide with more details.

It is currently not clear how many devices or computers are shipped with Intel remote management technologies enabled by default. Original equipment manufacturers (OEMs) selling devices containing Intel products may enable remote management features by default on a model or BIOS/UEFI version basis. The CERT/CC is reaching out to OEMs to determine which if any models may be vulnerable by default. Intel's security advisory at present suggests consumer personal computers are unaffected by default. The "Vendor Information" section below contains more information.

Impact

A remote, unauthenticated attacker may be able to gain access to the remote management features of the system. The execution occurs at a hardware system level regardless of operating system environment and configuration.

Solution

Apply a firmware update

Intel has released updated firmware for all affected hardware generations. For the complete list of the updated firmware version for each generation of hardware, please see Intel's advisory and check with your hardware vendor for a customized firmware update for your product.

Intel has also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.

Vendor Information

491375
 
Affected   Unknown   Unaffected

Dell

Notified:  May 02, 2017 Updated:  May 09, 2017

Statement Date:   May 06, 2017

Status

  Affected

Vendor Statement

Dell is aware of the industry-wide Intel Active Management Technology vulnerability described in the Intel Security Center advisory here. We are diligently working on mitigation and will release firmware update details for these products as they become available. In the meantime, Dell recommends that customers with immediate security concerns about the vulnerability review Intel's published Detection Guide and Mitigation Guide in addition to following best practices for securing internal networks and protecting systems from unauthorized physical access.

Dell would like to thank those in the security community whose efforts help us protect customers through coordinated vulnerability disclosure.

Please note, there are no known exploitations of this vulnerability reported to date.

Vendor Information

Dell initially released the above reaction, and has since released two white papers (one white paper for laptops and desktops and one white paper for servers) with details on affected products and anticipated release dates for updated firmware. Updated firmware will begin being released on May 17th, 2017, depending on the product.

Vendor References

http://en.community.dell.com/techcenter/extras/m/white_papers/20443914 http://en.community.dell.com/techcenter/extras/m/white_papers/20443937

F5 Networks, Inc.

Notified:  May 02, 2017 Updated:  May 15, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

F5 has released a security advisory on the issue, but has concluded that no F5 product is affected by the vulnerability.

Vendor References

https://support.f5.com/csp/article/K94700053

Fujitsu

Notified:  May 04, 2017 Updated:  May 11, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Fujitsu has released a security advisory and updated firmware for its products. Please see the list of affected products for more details.

Vendor References

http://support.ts.fujitsu.com/content/Intel_Firmware.asp?lng=EN https://sp.ts.fujitsu.com/dmsp/Publications/public/Intel-firmware-vulnerability-update-of-Fujitsu-CCD-products.pdf

HP Inc.

Updated:  May 08, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

HP Inc. has released an advisory with a list of affected products.

Vendor References

http://www8.hp.com/us/en/intelmanageabilityissue.html

Hewlett Packard Enterprise

Notified:  May 02, 2017 Updated:  May 05, 2017

Statement Date:   May 05, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Current status is that some HPE products are impacted, HPE is still assessing the total impact and will update the advisory at the link below as more information is available.

Vendor References

http://h22208.www2.hpe.com/eginfolib/securityalerts/CVE-2017-5689-Intel/CVE-2017-5689.html https://www.hpe.com/us/en/services/security-vulnerability.html

Intel Corporation

Updated:  May 02, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Intel has released updated firmware for all affected hardware generations. For the complete list of the updated firmware version for each generation of hardware, please see Intel's advisory and check with your hardware vendor for a firmware update.

Intel also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.

Vendor References

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr https://downloadcenter.intel.com/download/26754

Lenovo

Notified:  May 02, 2017 Updated:  May 08, 2017

Statement Date:   May 02, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Some models of ThinkCentre, ThinkPad, ThinkServer, and ThinkStation are affected, with updated firmware expected in mid-May 2017 or June 2017 depending on model. Please see Lenovo's advisory below for more details.

Vendor References

https://support.lenovo.com/us/en/product_security/LEN-14963

Siemens

Notified:  May 22, 2017 Updated:  June 27, 2017

Statement Date:   June 26, 2017

Status

  Affected

Vendor Statement

Several Intel processors (Intel Core i5, Intel Core i7 and Intel XEON) are susceptible to remote code execution vulnerability (CVE-2017-5689) [1]. As several Siemens Industrial

Products use Intel technology, they are also affected. Siemens has released updates for various products, is working on updates for the remaining affected products and recommends specific mitigations until fixes are available. (Please see security advisory SSA-874235 for more information).

Vendor Information

Siemens has released security advisory SSA-874235 regarding this vulnerability.

Vendor References

https://www.siemens.com/cert/advisories/ https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf

Toshiba America Information Systems, Inc.

Updated:  May 22, 2017

Statement Date:   May 19, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Toshiba has released a security advisory with details about affected products. Patches for some systems are available now, with all affected systems expected to receive an update by July 2017.

Vendor References

http://go.toshiba.com/intelsecuritynotice

Check Point Software Technologies

Notified:  May 02, 2017 Updated:  June 05, 2017

Statement Date:   June 04, 2017

Status

  Not Affected

Vendor Statement

Check Point appliances are not affected by the Intel Vulnerability which affects the Intel AMT, SBT and ISM technology management features:

Cisco

Notified:  May 02, 2017 Updated:  May 03, 2017

Statement Date:   May 03, 2017

Status

  Not Affected

Vendor Statement

We have been evaluating this issue, and it has been determined that Cisco UCS Servers both Blade and Chassis variants are NOT affected by this issue. Cisco UCS Servers utilize Intel Server Platform Services (SPS) and not AMT, ISM, or SBT. We have confirmed with Intel that SPS is not affected by this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc.

Notified:  May 02, 2017 Updated:  December 21, 2017

Statement Date:   December 20, 2017

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

AT&T

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Acer

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Alcatel-Lucent

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

AsusTek Computer Inc.

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Avaya, Inc.

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Blue Coat Systems

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

CA Technologies

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

D-Link Systems, Inc.

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Enterasys Networks

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Extreme Networks

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Force10 Networks

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Hitachi

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Huawei Technologies

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

IBM Corporation

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Juniper Networks

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

McAfee

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Nokia

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Peplink

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Q1 Labs

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

SafeNet

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Snort

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Sourcefire

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Symantec

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

TippingPoint Technologies Inc.

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

VAIO Corporation

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Wind River

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

ZyXEL

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

View all 40 vendors View less vendors


CVSS Metrics

Group Score Vector
Base 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal 7.3 E:POC/RL:OF/RC:C
Environmental 5.5 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Intel thanks Maksim Malyutin from Embedi for reporting this issue and coordinating with Intel.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2017-5689
Date Public: 2017-05-01
Date First Published: 2017-05-02
Date Last Updated: 2017-12-21 18:17 UTC
Document Revision: 82

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.