CVE Vulnerability Identifier(s): CVE-2017-5689
Partner Vendor(s): Intel
CVSS 3.0 Score(s): 8.4 and 9.8
Severity Rating(s): Critical
Intel has publicly disclosed an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs with consumer firmware, Intel servers utilizing Intel® Server Platform Services (Intel® SPS), or Intel® Xeon® Processor E3 and Intel® Xeon® Processor E5 workstations utilizing Intel® SPS firmware.
Intel's official advisory can be found here.
Partner/Vendor Solution
Customers are strongly recommended to review Intel's official advisory for full technical details and apply the applicable remediation steps (e.g. firmware updates, patches, etc.) for the vulnerabilities outlined above as soon as possible.
Protect Your Network Using Trend Micro Products
In addition to the provided partner/vendor solutions outlined above, or for customers who may have timing challenges in deploying the permanent fixes, Trend Micro also has some proactive protection against these vulnerabilities when using the following products:
- Trend Micro Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers with the latest IPS rules have an updated layer of Virtual Patching protection. Specifically, Trend Micro has released the following rule for proactive protection:
  - Rule 1008369 - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
- Trend Micro TippingPoint customers with the following filters have updated protection:
  - Filter 28213 - HTTP: Null Response Digest
  - Filter 28456 - HTTP: Intel Active Management Technology Authentication Bypass Vulnerability
Mitigating Factors
Exploiting this type of vulnerability generally requires that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security are up to date.
However, even though an exploit may require several specific conditions to be met, Trend Micro and its partners strongly encourage customers to update to the latest builds and patches as soon as possible due to the critical nature of these vulnerabilities.
External Reference(s)