Signature Detail

HTTP: Intel Active Management Technology Remote Privilege Escalation

This signature detects attempts to exploit a known vulnerability in Intel Active Management Technology (AMT) and the Intel Standard Manageability (ISM) and Intel Small Business Technology (SBT) variants. Successful exploitation allows an unprivileged attacker to gain administrative privileges over the management component of the target system.

Extended Description

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

Affected Products

• Intel active_management_technology_firmware 10.0
• Intel active_management_technology_firmware 11.0
• Intel active_management_technology_firmware 11.5
• Intel active_management_technology_firmware 11.6
• Intel active_management_technology_firmware 6.0
• Intel active_management_technology_firmware 6.1
• Intel active_management_technology_firmware 6.2
• Intel active_management_technology_firmware 7.0
• Intel active_management_technology_firmware 7.1
• Intel active_management_technology_firmware 8.0
• Intel active_management_technology_firmware 8.1
• Intel active_management_technology_firmware 9.0
• Intel active_management_technology_firmware 9.1
• Intel active_management_technology_firmware 9.5

References

• CVE: CVE-2017-5689