Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.
CWE-284: Improper Access Control - CVE-2017-5689
Intel offers a number of hardware-based remote management technologies meant for maintenance of computer systems. These technologies include Intel® Active Management Technology (AMT), Intel® Small Business Technology (SBT), and Intel® Standard Manageability, and the Intel Management Engine.
A remote, unauthenticated attacker may be able to gain access to the remote management features of the system. The execution occurs at a hardware system level regardless of operating system environment and configuration.
Apply a firmware update
Intel thanks Maksim Malyutin from Embedi for reporting this issue and coordinating with Intel.
This document was written by Garret Wassermann.
|Date First Published:||2017-05-02|
|Date Last Updated:||2017-12-21 18:17 UTC|