CVE-2017-5689 - Privilege Escalation vulnerability in Multiple Intel Products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Exploit-Db
description | Intel Active Management Technology - System Privileges. CVE-2017-5689. Remote exploit for Multiple platform |
id | EDB-ID:43385 |
last seen | 2018-01-08 |
modified | 2017-05-10 |
published | 2017-05-10 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43385/ |
title | Intel Active Management Technology - System Privileges |
Metasploit
description | This module scans for Intel Active Management Technology endpoints and attempts to bypass authentication using a blank HTTP digest (CVE-2017-5689). This service can be found on ports 16992, 16993 (tls), 623, and 624 (tls). |
id | MSF:AUXILIARY/SCANNER/HTTP/INTEL_AMT_DIGEST_BYPASS |
last seen | 2020-06-14 |
modified | 1976-01-01 |
published | 1976-01-01 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/intel_amt_digest_bypass.rb |
title | Intel AMT Digest Authentication Bypass Scanner |
Nessus
NASL family | Web Servers |
NASL id | INTEL_SA_00075.NASL |
description | The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and according to its self-reported version in the banner, it is running Intel manageability firmware version 6.x prior to 6.2.61.3535, 7.x prior to 7.1.91.3272, 8.x prior to 8.1.71.3608, 9.0.x or 9.1.x prior to 9.1.41.3024, 9.5.x prior to 9.5.61.3012, 10.0.x prior to 10.0.55.3000, 11.0.18.x prior to 11.0.18.3003, 11.0.22.x prior to 11.0.22.3001, 11.0.x prior to 11.0.25.3001, 11.6.12.x prior to 11.6.12.3202, or else 11.5.x or 11.6.x prior to 11.6.27.3264. It is, therefore, affected by a remote code execution vulnerability due to insecure read and write operations. An unauthenticated, remote attacker can exploit this to execute arbitrary code. Note that the vulnerability is only exploitable remotely if either Active Management Technology (AMT), Intel Standard Manageability (ISM), or Small Business Technology (SBT) is enabled. However, a local attacker can still exploit the vulnerability even if these components are disabled by simply re-enabling the components. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 97998 |
published | 2017-05-03 |
reporter | This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/97998 |
title | Intel Management Engine Insecure Read / Write Operations RCE (INTEL-SA-00075) (remote check) |
The Hacker News
id | THN:B2CD802394694AA17ECB051A9D9C7CB6 |
last seen | 2018-01-27 |
modified | 2017-05-02 |
published | 2017-05-01 |
reporter | Swati Khandelwal |
source | https://thehackernews.com/2017/05/intel-server-chipsets.html |
title | PCs with Intel Server Chipsets, Launched Since 2010, Can be Hacked Remotely |

id | THN:BA4BC453AFA67B10DA346CBD7A9928A0 |
last seen | 2018-01-27 |
modified | 2017-05-12 |
published | 2017-05-05 |
reporter | Swati Khandelwal |
source | https://thehackernews.com/2017/05/intel-amt-vulnerability.html |
title | Explained — How Intel AMT Vulnerability Allows to Hack Computers Remotely |
Related news
- Explained — How Intel AMT Vulnerability Allows to Hack Computers Remotely (The Hacker News)
- Explained — How Intel AMT Vulnerability Works, Which Allows Remote System Takeover (The Hacker News)
- PCs With Intel Server Chipsets, Launched In Past 9-Years, Can Be Hacked Remotely (The Hacker News)
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.securityfocus.com/bid/98269
- http://www.securitytracker.com/id/1038385
- https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf
- https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide-Rev%201.1.pdf
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03754en_us
- https://security.netapp.com/advisory/ntap-20170509-0001/
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
- https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
- https://www.embedi.com/news/mythbusters-cve-2017-5689
- https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability