SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Generic)  >   Intel Management Engine Vendors:   Intel
Intel Management Engine Multiple Flaws Let Remote Authenticated Users and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1039852
SecurityTracker URL:  http://securitytracker.com/id/1039852
CVE Reference:   CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712   (Links to External Site)
Updated:  Dec 5 2017
Original Entry Date:  Nov 21 2017
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 11.0, 11.5, 11.6, 11.7, 11.10, 11.20
Description:   Multiple vulnerabilities were reported in Intel Management Engine. A remote authenticated user can obtain elevated privileges on the target system. A local user can obtain elevated privileges on the target system.

A local user can trigger a buffer overflow in the Intel Management Engine (ME) kernel to execute arbitrary code on the target system [CVE-2017-5705].
A local user can exploit an unspecified flaw in the Intel ME kernel to access privileged content on the target system [CVE-2017-5708].

A local user can trigger buffer overflows in the Intel ME kernel to execute arbitrary code with AMT privileges on the target system [CVE-2017-5711].

On hardware systems that have enabled Flash Descriptor write protections, a physically local user can exploit the vulnerabilities in CVE-2017-5705, CVE-2017-5708, and CVE-2017-5711. On systems that have not enabled Flash Descriptor write protections, a local user without physical access can exploit those vulnerabilities.

A remote authenticated user with Admin privileges can trigger a buffer overflow in the Intel ME kernel to execute arbitrary code with AMT privileges on the target system [CVE-2017-5712].

The following processor series are affected:

6th, 7th, and 8th Generation Intel Core
Intel Xeon Processor E3-1200 v5 and v6
Intel Xeon Processor Scalable
Intel Xeon Processor W
Intel Atom C3000 Processor
Apollo Lake Intel Atom Processor E3900 series
Apollo Lake Intel Pentium
Celeron N and J series Processors

[Editor's note: The Intel Trusted Execution Engine (TXE) and Intel Server Platform Services (SPS) products are affected by separate vulnerabilities.]

Mark Ermolov and Maxim Goryachy from Positive Technologies Research reported one of these vulnerabilities.

Impact:   A remote authenticated user can obtain elevated privileges on the target system.

A local user can obtain elevated privileges on the target system.

Solution:   The vendor has issued a fix.

The vendor advisories are available at:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

Vendor URL:  security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr (Links to External Site)
Cause:   Boundary error, Not specified

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 21 2017 (Lenovo Issues Fix for Lenovo PC) Intel Management Engine Multiple Flaws Let Remote Authenticated Users and Local Users Gain Elevated Privileges
Lenovo has issued a fix for Lenovo PC.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2018, SecurityGlobal.net LLC