search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Intel Active Management Technology (AMT) does not properly enforce access control

Vulnerability Note VU#491375

Original Release Date: 2017-05-02 | Last Revised: 2017-12-21

Overview

Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.

Description

CWE-284: Improper Access Control - CVE-2017-5689

Intel offers a number of hardware-based remote management technologies meant for maintenance of computer systems. These technologies include Intel® Active Management Technology (AMT), Intel® Small Business Technology (SBT), and Intel® Standard Manageability, and the Intel Management Engine.

These technologies listen for remote commands on several known ports. Intel's documentation provides that ports 16992 and 16993 allow web GUI interaction with AMT. Other ports that may be used by AMT include 16994 and 16995, and 623 and 664.

The Intel Management Engine that supports these technologies is vulnerable to a privilege escalation that allows an unauthenticated attacker to gain access to the remote management features provided by the Intel Management Engine. Intel has released a security advisory as well as a mitigation guide with more details.

It is currently not clear how many devices or computers are shipped with Intel remote management technologies enabled by default. Original equipment manufacturers (OEMs) selling devices containing Intel products may enable remote management features by default on a model or BIOS/UEFI version basis. The CERT/CC is reaching out to OEMs to determine which if any models may be vulnerable by default. Intel's security advisory at present suggests consumer personal computers are unaffected by default. The "Vendor Information" section below contains more information.

Impact

A remote, unauthenticated attacker may be able to gain access to the remote management features of the system. The execution occurs at a hardware system level regardless of operating system environment and configuration.

Solution

Apply a firmware update

Intel has released updated firmware for all affected hardware generations. For the complete list of the updated firmware version for each generation of hardware, please see Intel's advisory and check with your hardware vendor for a customized firmware update for your product.

Intel has also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.

Vendor Information

491375
 
Affected   Unknown   Unaffected

Dell

Notified:  May 02, 2017 Updated:  May 09, 2017

Statement Date:   May 06, 2017

Status

  Affected

Vendor Statement

Dell is aware of the industry-wide Intel Active Management Technology vulnerability described in the Intel Security Center advisory here. We are diligently working on mitigation and will release firmware update details for these products as they become available. In the meantime, Dell recommends that customers with immediate security concerns about the vulnerability review Intel's published Detection Guide and Mitigation Guide in addition to following best practices for securing internal networks and protecting systems from unauthorized physical access.

Dell would like to thank those in the security community whose efforts help us protect customers through coordinated vulnerability disclosure.

Please note, there are no known exploitations of this vulnerability reported to date.

Vendor Information

Dell initially released the above reaction, and has since released two white papers (one white paper for laptops and desktops and one white paper for servers) with details on affected products and anticipated release dates for updated firmware. Updated firmware will begin being released on May 17th, 2017, depending on the product.

Vendor References

F5 Networks, Inc.

Notified:  May 02, 2017 Updated:  May 15, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

F5 has released a security advisory on the issue, but has concluded that no F5 product is affected by the vulnerability.

Vendor References

Fujitsu

Notified:  May 04, 2017 Updated:  May 11, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Fujitsu has released a security advisory and updated firmware for its products. Please see the list of affected products for more details.

Vendor References

HP Inc.

Updated:  May 08, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

HP Inc. has released an advisory with a list of affected products.

Vendor References

Hewlett Packard Enterprise

Notified:  May 02, 2017 Updated:  May 05, 2017

Statement Date:   May 05, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Current status is that some HPE products are impacted, HPE is still assessing the total impact and will update the advisory at the link below as more information is available.

Vendor References

Intel Corporation

Updated:  May 02, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Intel has released updated firmware for all affected hardware generations. For the complete list of the updated firmware version for each generation of hardware, please see Intel's advisory and check with your hardware vendor for a firmware update.

Intel also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.

Vendor References

Lenovo

Notified:  May 02, 2017 Updated:  May 08, 2017

Statement Date:   May 02, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Some models of ThinkCentre, ThinkPad, ThinkServer, and ThinkStation are affected, with updated firmware expected in mid-May 2017 or June 2017 depending on model. Please see Lenovo's advisory below for more details.

Vendor References

Siemens

Notified:  May 22, 2017 Updated:  June 27, 2017

Statement Date:   June 26, 2017

Status

  Affected

Vendor Statement

Several Intel processors (Intel Core i5, Intel Core i7 and Intel XEON) are susceptible to remote code execution vulnerability (CVE-2017-5689) [1]. As several Siemens Industrial

Products use Intel technology, they are also affected. Siemens has released updates for various products, is working on updates for the remaining affected products and recommends specific mitigations until fixes are available. (Please see security advisory SSA-874235 for more information).

Vendor Information

Siemens has released security advisory SSA-874235 regarding this vulnerability.

Vendor References

Toshiba America Information Systems, Inc.

Updated:  May 22, 2017

Statement Date:   May 19, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Toshiba has released a security advisory with details about affected products. Patches for some systems are available now, with all affected systems expected to receive an update by July 2017.

Vendor References

Check Point Software Technologies

Notified:  May 02, 2017 Updated:  June 05, 2017

Statement Date:   June 04, 2017

Status

  Not Affected

Vendor Statement

Check Point appliances are not affected by the Intel Vulnerability which affects the Intel AMT, SBT and ISM technology management features:

Cisco

Notified:  May 02, 2017 Updated:  May 03, 2017

Statement Date:   May 03, 2017

Status

  Not Affected

Vendor Statement

We have been evaluating this issue, and it has been determined that Cisco UCS Servers both Blade and Chassis variants are NOT affected by this issue. Cisco UCS Servers utilize Intel Server Platform Services (SPS) and not AMT, ISM, or SBT. We have confirmed with Intel that SPS is not affected by this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc.

Notified:  May 02, 2017 Updated:  December 21, 2017

Statement Date:   December 20, 2017

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor References

    AT&T

    Notified:  May 02, 2017 Updated:  May 02, 2017

    Status

      Unknown

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor References

      Acer

      Notified:  May 02, 2017 Updated:  May 02, 2017

      Status

        Unknown

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor References

        Alcatel-Lucent

        Notified:  May 02, 2017 Updated:  May 02, 2017

        Status

          Unknown

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor References

          AsusTek Computer Inc.

          Notified:  May 02, 2017 Updated:  May 02, 2017

          Status

            Unknown

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor References

            Avaya, Inc.

            Notified:  May 02, 2017 Updated:  May 02, 2017

            Status

              Unknown

            Vendor Statement

            No statement is currently available from the vendor regarding this vulnerability.

            Vendor References

              Blue Coat Systems

              Notified:  May 02, 2017 Updated:  May 02, 2017

              Status

                Unknown

              Vendor Statement

              No statement is currently available from the vendor regarding this vulnerability.

              Vendor References

                CA Technologies

                Notified:  May 02, 2017 Updated:  May 02, 2017

                Status

                  Unknown

                Vendor Statement

                No statement is currently available from the vendor regarding this vulnerability.

                Vendor References

                  D-Link Systems, Inc.

                  Notified:  May 02, 2017 Updated:  May 02, 2017

                  Status

                    Unknown

                  Vendor Statement

                  No statement is currently available from the vendor regarding this vulnerability.

                  Vendor References

                    Enterasys Networks

                    Notified:  May 02, 2017 Updated:  May 02, 2017

                    Status

                      Unknown

                    Vendor Statement

                    No statement is currently available from the vendor regarding this vulnerability.

                    Vendor References

                      Extreme Networks

                      Notified:  May 02, 2017 Updated:  May 02, 2017

                      Status

                        Unknown

                      Vendor Statement

                      No statement is currently available from the vendor regarding this vulnerability.

                      Vendor References

                        Force10 Networks

                        Notified:  May 02, 2017 Updated:  May 02, 2017

                        Status

                          Unknown

                        Vendor Statement

                        No statement is currently available from the vendor regarding this vulnerability.

                        Vendor References

                          Hitachi

                          Notified:  May 02, 2017 Updated:  May 02, 2017

                          Status

                            Unknown

                          Vendor Statement

                          No statement is currently available from the vendor regarding this vulnerability.

                          Vendor References

                            Huawei Technologies

                            Notified:  May 02, 2017 Updated:  May 02, 2017

                            Status

                              Unknown

                            Vendor Statement

                            No statement is currently available from the vendor regarding this vulnerability.

                            Vendor References

                              IBM Corporation

                              Notified:  May 02, 2017 Updated:  May 02, 2017

                              Status

                                Unknown

                              Vendor Statement

                              No statement is currently available from the vendor regarding this vulnerability.

                              Vendor References

                                Juniper Networks

                                Notified:  May 02, 2017 Updated:  May 02, 2017

                                Status

                                  Unknown

                                Vendor Statement

                                No statement is currently available from the vendor regarding this vulnerability.

                                Vendor References

                                  McAfee

                                  Notified:  May 02, 2017 Updated:  May 02, 2017

                                  Status

                                    Unknown

                                  Vendor Statement

                                  No statement is currently available from the vendor regarding this vulnerability.

                                  Vendor References

                                    Nokia

                                    Notified:  May 02, 2017 Updated:  May 02, 2017

                                    Status

                                      Unknown

                                    Vendor Statement

                                    No statement is currently available from the vendor regarding this vulnerability.

                                    Vendor References

                                      Peplink

                                      Notified:  May 02, 2017 Updated:  May 02, 2017

                                      Status

                                        Unknown

                                      Vendor Statement

                                      No statement is currently available from the vendor regarding this vulnerability.

                                      Vendor References

                                        Q1 Labs

                                        Notified:  May 02, 2017 Updated:  May 02, 2017

                                        Status

                                          Unknown

                                        Vendor Statement

                                        No statement is currently available from the vendor regarding this vulnerability.

                                        Vendor References

                                          SafeNet

                                          Notified:  May 02, 2017 Updated:  May 02, 2017

                                          Status

                                            Unknown

                                          Vendor Statement

                                          No statement is currently available from the vendor regarding this vulnerability.

                                          Vendor References

                                            Snort

                                            Notified:  May 02, 2017 Updated:  May 02, 2017

                                            Status

                                              Unknown

                                            Vendor Statement

                                            No statement is currently available from the vendor regarding this vulnerability.

                                            Vendor References

                                              Sourcefire

                                              Notified:  May 02, 2017 Updated:  May 02, 2017

                                              Status

                                                Unknown

                                              Vendor Statement

                                              No statement is currently available from the vendor regarding this vulnerability.

                                              Vendor References

                                                Symantec

                                                Notified:  May 02, 2017 Updated:  May 02, 2017

                                                Status

                                                  Unknown

                                                Vendor Statement

                                                No statement is currently available from the vendor regarding this vulnerability.

                                                Vendor References

                                                  TippingPoint Technologies Inc.

                                                  Notified:  May 02, 2017 Updated:  May 02, 2017

                                                  Status

                                                    Unknown

                                                  Vendor Statement

                                                  No statement is currently available from the vendor regarding this vulnerability.

                                                  Vendor References

                                                    VAIO Corporation

                                                    Notified:  May 02, 2017 Updated:  May 02, 2017

                                                    Status

                                                      Unknown

                                                    Vendor Statement

                                                    No statement is currently available from the vendor regarding this vulnerability.

                                                    Vendor References

                                                      Wind River

                                                      Notified:  May 02, 2017 Updated:  May 02, 2017

                                                      Status

                                                        Unknown

                                                      Vendor Statement

                                                      No statement is currently available from the vendor regarding this vulnerability.

                                                      Vendor References

                                                        ZyXEL

                                                        Notified:  May 02, 2017 Updated:  May 02, 2017

                                                        Status

                                                          Unknown

                                                        Vendor Statement

                                                        No statement is currently available from the vendor regarding this vulnerability.

                                                        Vendor References

                                                          View all 40 vendors View less vendors


                                                          CVSS Metrics

                                                          Group Score Vector
                                                          Base 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C
                                                          Temporal 7.3 E:POC/RL:OF/RC:C
                                                          Environmental 5.5 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

                                                          References

                                                          Acknowledgements

                                                          Intel thanks Maksim Malyutin from Embedi for reporting this issue and coordinating with Intel.

                                                          This document was written by Garret Wassermann.

                                                          Other Information

                                                          CVE IDs: CVE-2017-5689
                                                          Date Public: 2017-05-01
                                                          Date First Published: 2017-05-02
                                                          Date Last Updated: 2017-12-21 18:17 UTC
                                                          Document Revision: 82

                                                          Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.