Intel released a security advisory to address an elevation of privilege vulnerability found in Intel Management Engine firmware after it was discovered by security researcher, Maksim Malyutin. Vulnerability CVE-2017-5689 affects Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) firmware versions 6 through 11.6. The affected technologies provide system administrators the ability to manage workstations remotely over a network via ports 16992 and 16993. If exploited successfully, a malicious actor could gain control of manageability features and remotely execute code. This vulnerability may be leveraged in two ways:
- An unprivileged network attacker could gain system privileges to Intel manageability stock-keeping units (SKUs) for Intel Active Management Technology and Intel Standard Manageability. (CRITICAL)
- An unprivileged local attacker could access manageability features on an unprivileged network or local system privileges on Intel manageability SKUs for Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology. (HIGH)
The NJCCIC recommends users and administrators review the Intel Security Advisory and determine if their enterprise is affected, update their firmware, or implement the mitigation strategy provided by Intel.