Privilege escalation in Intel Manageability Firmware
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-5689 |
| CWE-ID | CWE-287 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #1 is being exploited in the wild. |
| Vulnerable software |
Intel Manageability Firmware Hardware solutions / Firmware |
| Vendor | Intel |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Privilege escalation
EUVDB-ID: #VU6397
Risk: High
CVSSv4.0: 8.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2017-5689
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: Yes
DescriptionThe vulnerability allows a remote unauthenticated or local attacker to gain elevated privileges on the target system.
The vulnerability exists due to improper authentication. A remote attacker can connect to the 16992/tcp port through UDP protocol and gain full control of Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). A local attacker can escalate privileges and compromise Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
Install update from vendor's website.
Intel Manageability Firmware: 6.0 - 11.6
CPE2.3- cpe:2.3:h:intel:intel_manageability_firmware:6.0:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_manageability_firmware:6.1:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_manageability_firmware:6.2:*:*:*:*:*:*:*
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
https://mjg59.dreamwidth.org/48429.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
