
CERT Coordination Center


Intel Active Management Technology (AMT) does not properly enforce access control

Vulnerability Note VU#491375

Original Release Date: 2017-05-02 | Last Revised: 2017-12-21

Overview

Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.

Description

CWE-284: Improper Access Control - CVE-2017-5689

Intel offers a number of hardware-based remote management technologies meant for maintenance of computer systems. These technologies include Intel® Active Management Technology (AMT), Intel® Small Business Technology (SBT), Intel® Standard Manageability, and the Intel Management Engine.

These technologies listen for remote commands on several known ports. Intel's documentation states that ports 16992 and 16993 allow web GUI interaction with AMT. Other ports that may be used by AMT include 16994 and 16995, and 623 and 664.
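As an added example (not part of the CERT/CC note or Intel's guidance), the following Python script reviews flow records for traffic to the AMT ports listed above that originates outside a designated management network. The log format, the management subnet `10.20.0.0/24`, the sample records and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Ports named in the vulnerability note.
AMT_WEB_PORTS = {16992, 16993}               # web GUI interaction with AMT
AMT_OTHER_PORTS = {16994, 16995, 623, 664}   # other ports AMT may use
AMT_PORTS = AMT_WEB_PORTS | AMT_OTHER_PORTS

# Assumption: the only network that should reach management ports.
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample records (hypothetical format):
# timestamp src_ip src_port dst_ip dst_port proto action
SAMPLE_FLOWS = """\
2017-05-03T09:14:02Z 10.20.0.15 51234 10.1.4.22 16992 tcp allow
2017-05-03T09:14:09Z 192.0.2.77 40112 10.1.4.22 16992 tcp allow
2017-05-03T09:15:41Z 192.0.2.77 40113 10.1.4.23 16993 tcp deny
2017-05-03T09:16:00Z 10.1.7.5 55001 10.1.4.22 443 tcp allow
2017-05-03T09:17:30Z 198.51.100.9 33321 10.1.4.40 623 udp allow
malformed line here
2017-05-03T09:18:12Z 10.1.7.5 55002 10.1.4.22 16994 tcp allow
"""


def parse_flow(line):
    """Parse one record; return None for anything that does not fit the format."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, src, _sport, dst, dport, proto, action = parts
    try:
        return {
            "ts": ts,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "dport": int(dport),
            "proto": proto.lower(),
            "action": action.lower(),
        }
    except ValueError:  # bad IP address or non-numeric port
        return None


def find_amt_traffic(log_text, mgmt_net=MGMT_NET):
    """Return flows to AMT ports whose source is outside the management network."""
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["dport"] not in AMT_PORTS:
            continue
        if flow["src"] in mgmt_net:
            continue  # expected administrative traffic
        flow["kind"] = ("web GUI" if flow["dport"] in AMT_WEB_PORTS
                        else "other AMT port")
        findings.append(flow)
    return findings


def exposed_hosts(findings):
    """Map each destination to the AMT ports that were actually allowed through."""
    hosts = defaultdict(set)
    for f in findings:
        if f["action"] == "allow":
            hosts[str(f["dst"])].add(f["dport"])
    return {host: sorted(ports) for host, ports in hosts.items()}


if __name__ == "__main__":
    hits = find_amt_traffic(SAMPLE_FLOWS)
    for f in hits:
        print(f'{f["ts"]} {f["src"]} -> {f["dst"]}:{f["dport"]}/{f["proto"]} '
              f'({f["kind"]}, {f["action"]})')
    print("Hosts to prioritise for firmware update or mitigation:", exposed_hosts(hits))
```

Denied flows are still reported because they show that something outside the management network is probing these ports; only allowed flows count toward the list of exposed hosts.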

The Intel Management Engine that supports these technologies is vulnerable to a privilege escalation that allows an unauthenticated attacker to gain access to the remote management features provided by the Intel Management Engine. Intel has released a security advisory as well as a mitigation guide with more details.

It is currently not clear how many devices or computers are shipped with Intel remote management technologies enabled by default. Original equipment manufacturers (OEMs) selling devices containing Intel products may enable remote management features by default on a model or BIOS/UEFI version basis. The CERT/CC is reaching out to OEMs to determine which models, if any, may be vulnerable by default. Intel's security advisory at present suggests consumer personal computers are unaffected by default. The "Vendor Information" section below contains more information.

Impact

A remote, unauthenticated attacker may be able to gain access to the remote management features of the system. The execution occurs at a hardware system level regardless of operating system environment and configuration.

Solution

Apply a firmware update

Intel has released updated firmware for all affected hardware generations. For the complete list of the updated firmware version for each generation of hardware, please see Intel's advisory and check with your hardware vendor for a customized firmware update for your product.

Intel has also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.

Vendor Information


Dell

Notified:  May 02, 2017 Updated:  May 09, 2017

Statement Date:   May 06, 2017

Status

  Affected

Vendor Statement

Dell is aware of the industry-wide Intel Active Management Technology vulnerability described in the Intel Security Center advisory here. We are diligently working on mitigation and will release firmware update details for these products as they become available. In the meantime, Dell recommends that customers with immediate security concerns about the vulnerability review Intel's published Detection Guide and Mitigation Guide in addition to following best practices for securing internal networks and protecting systems from unauthorized physical access.

Dell would like to thank those in the security community whose efforts help us protect customers through coordinated vulnerability disclosure.

Please note, there are no known exploitations of this vulnerability reported to date.

Vendor Information

Dell initially released the above statement and has since released two white papers (one for laptops and desktops and one for servers) with details on affected products and anticipated release dates for updated firmware. Updated firmware releases will begin on May 17th, 2017, depending on the product.

Vendor References

http://en.community.dell.com/techcenter/extras/m/white_papers/20443914
http://en.community.dell.com/techcenter/extras/m/white_papers/20443937

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

F5 Networks, Inc.

Notified:  May 02, 2017 Updated:  May 15, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

F5 has released a security advisory on the issue, but has concluded that no F5 product is affected by the vulnerability.

Vendor References

https://support.f5.com/csp/article/K94700053

Addendum

There are no additional comments at this time.


Fujitsu

Notified:  May 04, 2017 Updated:  May 11, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Fujitsu has released a security advisory and updated firmware for its products. Please see the list of affected products for more details.

Vendor References

http://support.ts.fujitsu.com/content/Intel_Firmware.asp?lng=EN
https://sp.ts.fujitsu.com/dmsp/Publications/public/Intel-firmware-vulnerability-update-of-Fujitsu-CCD-products.pdf

Addendum

There are no additional comments at this time.


HP Inc.

Updated:  May 08, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

HP Inc. has released an advisory with a list of affected products.

Vendor References

http://www8.hp.com/us/en/intelmanageabilityissue.html

Addendum

There are no additional comments at this time.


Hewlett Packard Enterprise

Notified:  May 02, 2017 Updated:  May 05, 2017

Statement Date:   May 05, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Current status is that some HPE products are impacted; HPE is still assessing the total impact and will update the advisory at the link below as more information becomes available.

Vendor References

http://h22208.www2.hpe.com/eginfolib/securityalerts/CVE-2017-5689-Intel/CVE-2017-5689.html
https://www.hpe.com/us/en/services/security-vulnerability.html

Addendum

There are no additional comments at this time.


Intel Corporation

Updated:  May 02, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Intel has released updated firmware for all affected hardware generations. For the complete list of the updated firmware version for each generation of hardware, please see Intel's advisory and check with your hardware vendor for a firmware update.

Intel also provided a mitigation guide for affected customers that do not have a firmware update available from an OEM.

Vendor References

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
https://downloadcenter.intel.com/download/26754

Addendum

There are no additional comments at this time.


Lenovo

Notified:  May 02, 2017 Updated:  May 08, 2017

Statement Date:   May 02, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Some models of ThinkCentre, ThinkPad, ThinkServer, and ThinkStation are affected, with updated firmware expected in mid-May 2017 or June 2017 depending on model. Please see Lenovo's advisory below for more details.

Vendor References

https://support.lenovo.com/us/en/product_security/LEN-14963

Addendum

There are no additional comments at this time.


Siemens

Notified:  May 22, 2017 Updated:  June 27, 2017

Statement Date:   June 26, 2017

Status

  Affected

Vendor Statement

Several Intel processors (Intel Core i5, Intel Core i7 and Intel XEON) are susceptible to a remote code execution vulnerability (CVE-2017-5689) [1]. As several Siemens Industrial Products use Intel technology, they are also affected. Siemens has released updates for various products, is working on updates for the remaining affected products and recommends specific mitigations until fixes are available. (Please see security advisory SSA-874235 for more information).

Vendor Information

Siemens has released security advisory SSA-874235 regarding this vulnerability.

Vendor References

https://www.siemens.com/cert/advisories/
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf

Addendum

There are no additional comments at this time.


Toshiba America Information Systems, Inc.

Updated:  May 22, 2017

Statement Date:   May 19, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Toshiba has released a security advisory with details about affected products. Patches for some systems are available now, with all affected systems expected to receive an update by July 2017.

Vendor References

http://go.toshiba.com/intelsecuritynotice

Addendum

There are no additional comments at this time.


Check Point Software Technologies

Notified:  May 02, 2017 Updated:  June 05, 2017

Statement Date:   June 04, 2017

Status

  Not Affected

Vendor Statement

Check Point appliances are not affected by the Intel Vulnerability which affects the Intel AMT, SBT and ISM technology management features:

• The built-in firmware on the Check Point appliances does not have these Intel management features
• Check Point appliances do not provide a physical means to access / enable the Intel management technologies noted as a vulnerability

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk117218

Addendum

There are no additional comments at this time.


Cisco

Notified:  May 02, 2017 Updated:  May 03, 2017

Statement Date:   May 03, 2017

Status

  Not Affected

Vendor Statement

We have been evaluating this issue, and it has been determined that Cisco UCS Servers both Blade and Chassis variants are NOT affected by this issue. Cisco UCS Servers utilize Intel Server Platform Services (SPS) and not AMT, ISM, or SBT. We have confirmed with Intel that SPS is not affected by this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.


Fortinet, Inc.

Notified:  May 02, 2017 Updated:  December 21, 2017

Statement Date:   December 20, 2017

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.


ACCESS

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


AT&T

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Acer

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Alcatel-Lucent

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


AsusTek Computer Inc.

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Avaya, Inc.

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Blue Coat Systems

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


CA Technologies

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


D-Link Systems, Inc.

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Enterasys Networks

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Extreme Networks

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Force10 Networks

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Hitachi

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Huawei Technologies

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


IBM Corporation

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Juniper Networks

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


McAfee

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Nokia

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Peplink

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Q1 Labs

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


SafeNet

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Snort

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Sourcefire

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Symantec

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


TippingPoint Technologies Inc.

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


VAIO Corporation

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


Wind River

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.


ZyXEL

Notified:  May 02, 2017 Updated:  May 02, 2017

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Addendum

There are no additional comments at this time.



CVSS Metrics

Group          Score  Vector
Base           9.3    AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal       7.3    E:POC/RL:OF/RC:C
Environmental  5.5    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Credit

Intel thanks Maksim Malyutin from Embedi for reporting this issue and coordinating with Intel.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2017-5689
Date Public: 2017-05-01
Date First Published: 2017-05-02
Date Last Updated: 2017-12-21 18:17 UTC
Document Revision: 82

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.