CERT-In Advisory
CIAD-2017-0054
Multiple Vulnerabilities in Intel Management Engine
Original Issue Date: November 27, 2017
Severity Rating: High
Software Affected
- Intel Management Engine (ME) Firmware versions 11.0.0 through 11.7.0
- Intel Server Platform Services (SPS) Firmware version 4.0
- Intel Trusted Execution Engine (TXE) Firmware version 3.0
- 6th, 7th & 8th Generation Intel Core Processor Family
- Intel Xeon Processor E3-1200 v5 & v6 Product Family
- Intel Xeon Processor Scalable Family
- Intel Xeon Processor W Family
- Intel Atom C3000 Processor Family
- Apollo Lake Intel Atom Processor E3900 series
- Apollo Lake Intel Pentium
- Celeron N and J series Processors
Overview
Multiple vulnerabilities have been reported in Intel's Management Engine (ME), Trusted Execution Engine (TXE) and Server Platform Services (SPS) which could be exploited by an attacker to obtain sensitive information, gain elevated privileges or execute arbitrary code on the targeted system.
Description
1. Buffer Overflow Vulnerabilities
(
CVE-2017-5705
CVE-2017-5706
CVE-2017-5707
)
These vulnerabilities exist in Intel's Manageability Engine (ME), Server Platform Services (SPS) and Trusted Execution Engine (TXE) firmware due to buffer overflow conditions. A local attacker with access to the targeted system could exploit these vulnerabilities by triggering multiple kernel buffer overflow conditions on the targeted system.
Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code resulting in complete system compromise.
2. Multiple Active Management Technology (AMT) Buffer Overflow Vulnerabilities
(
CVE-2017-5711
CVE-2017-5712
)
These vulnerabilities exist in the Active Management Technology (AMT) feature of Intel's Manageability Engine (ME) Firmware due to buffer overflow conditions. An attacker could exploit these vulnerabilities by triggering kernel buffer overflow conditions on the targeted system to execute arbitrary code with AMT privileges resulting in complete system compromise.
3. Multiple Privilege Escalation Vulnerabilities
(
CVE-2017-5708
CVE-2017-5709
CVE-2017-5710
)
These vulnerabilities exist in Intel's Manageability Engine (ME), Server Platform Services (SPS) and Trusted Execution Engine (TXE) Firmware due to unspecified flaws in the affected firmware. A local attacker with access to the targeted system could exploit these vulnerabilities via an unspecified vector to gain access to privileged information on a targeted system.
Solution
Apply appropriate firmware updates as mentioned by Intel
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
Vendor Information
Intel
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
References
Intel
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
https://downloadcenter.intel.com/download/27150
Security Tracker
https://securitytracker.com/id/1039852
CISCO
https://tools.cisco.com/security/center/viewAlert.x?alertId=56008
https://tools.cisco.com/security/center/viewAlert.x?alertId=56009
https://tools.cisco.com/security/center/viewAlert.x?alertId=56010
https://tools.cisco.com/security/center/viewAlert.x?alertId=56011
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India
|