Home › Security Center ›
Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege
Intel ID:  INTEL-SA-00075
Product family:  Intel® Active Management Technology, Intel® Small Business Technology, and Intel® Standard Manageability
Impact of vulnerability Elevation of Privilege
Severity rating Critical
Original release:  May 01, 2017
Last revised:  May 01, 2017
Summary: 

There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products.  This vulnerability does not exist on Intel-based consumer PCs. 
 
Description: 

There are two ways this vulnerability may be accessed please note that Intel® Small Business Technology is not vulnerable to the first issue.

  • An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
    • CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
    • CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 
Affected products: 

The issue has been observed in Intel manageability firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 for Intel® Active Management Technology, Intel® Small Business Technology, and Intel® Standard Manageability.  Versions before 6 or after 11.6 are not impacted.
 
Recommendations: 

Step 1: Determine if you have an Intel® AMT, Intel® SBA, or Intel® ISM capable system: https://communities.intel.com/docs/DOC-5693.  If you determine that you do not have an Intel® AMT, Intel® SBA, or Intel® ISM capable system then no further action is required.

Step 2: Utilize the Detection Guide to assess if your system has the impacted firmware: https://downloadcenter.intel.com/download/26755. If you do have a version in the “Resolved Firmware” column no further action is required to secure your system from this vulnerability.

Step 3: Intel highly recommends checking with your system OEM for updated firmware.  Firmware versions that resolve the issue have a four digit build number that starts with a “3” (X.X.XX.3XXX) Ex: 8.1.71.3608.

Step 4: If a firmware update is not available from your OEM, mitigations for provided in this document: https://downloadcenter.intel.com/download/26754

For assistance in implementing the mitigations steps provided in this document, please contact Intel Customer Support (http://www.intel.com/content/www/us/en/support/contact-support.html#@23); from the Technologies section, select Intel® Active Management Technology (Intel® AMT).

Intel manageability
firmware

Associated
CPU Generation

Resolved
Firmware

X.X.XX.3XXX

  
 

6.0.xx.xxxx

1st Gen Core

6.2.61.3535

  

6.1.xx.xxxx

6.2.61.3535

  

6.2.xx.xxxx

6.2.61.3535

  

7.0.xx.xxxx

2nd Gen Core

7.1.91.3272

  

7.1.xx.xxxx

7.1.91.3272

  

8.0.xx.xxxx

3rd Gen Core

8.1.71.3608

  

8.1.xx.xxxx

8.1.71.3608

  

9.0.xx.xxxx

4th Gen Core

 

9.1.41.3024

  

9.1.xx.xxxx

9.1.41.3024

  

9.5.xx.xxxx

9.5.61.3012

  

10.0.xx.xxxx

5th Gen Core

10.0.55.3000

  

11.0.xx.xxxx

6th Gen Core

11.0.25.3001

  

11.5.xx.xxxx

7th Gen Core

11.6.27.3264

  

11.6.xx.xxxx

11.6.27.3264

  
 
 
Acknowledgements: 

Intel would like to thank Maksim Malyutin from Embedi for reporting this issue and working with us on coordinated disclosure.
 
Revision history: 
Revision
Date
Description
1.0
01-May-2017
Initial Release
1.1
01-May-2017
Detection update
 
CVE Name: 
CVE-2017-5689

Disclaimer:

INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” IN CONNECTION WITH INTEL® PRODUCTS. YOUR USE OF THE INFORMATION IN THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. INTEL RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT.

© 2006, Intel Corporation