Technologies based on Intel Active Management Technology may be vulnerable to remote privilege escalation, which may allow a remote, unauthenticated attacker to execute arbitrary code on the system.
CWE-284: Improper Access Control - CVE-2017-5689
Intel offers a number of hardware-based remote management technologies meant for maintenance of computer systems. These technologies include Intel® Active Management Technology (AMT), Intel® Small Business Technology (SBT), and Intel® Standard Manageability, and the Intel Management Engine.
A remote, unauthenticated attacker may be able to gain access to the remote management features of the system. The execution occurs at a hardware system level regardless of operating system environment and configuration.
Apply a firmware update
F5 Networks, Inc.
Hewlett Packard Enterprise
Toshiba America Information Systems, Inc.
Check Point Software Technologies
AsusTek Computer Inc.
Blue Coat Systems
D-Link Systems, Inc.
TippingPoint Technologies Inc.
Intel thanks Maksim Malyutin from Embedi for reporting this issue and coordinating with Intel.
This document was written by Garret Wassermann.
|Date First Published:||2017-05-02|
|Date Last Updated:||2017-12-21 18:17 UTC|