A critical Intel vulnerability could let unauthenticated attackers gain escalated privileges on Intel vPro corporate systems!
Intel patched a critical privilege escalation vulnerability in its Active Management Technology (AMT), which is used for remote out-of-band management of PCs.
AMT is part of the Intel vPro platform (Intel’s term for its range of computer hardware technologies) & is primarily used by enterprise IT shops for remote management of corporate systems.
An unauthenticated attacker on the same network can exploit the flaw to gain escalated privileges. The issue (CVE-2020-8758), found internally by Intel employees, ranks 9.8 out of 10 on the CVSS scale, making it critical severity, Intel said in a Tues. security advisory.
“While we are not aware of the AMT issue being used in active attacks, Intel has provided detection guidance to various security vendors who have released signatures into their intrusion detection/prevention products, as an extra measure to help protect customers as they plan their deployment of this update,” Jerry Bryant, Director of Communications with Intel Product Assurance & Security, said in a security advisory posted Tues.
The flaw stems from improper buffer restrictions in a 3rd party component network subsystem within Intel AMT (& Intel’s Standard Manageability solution, ISM, which has a similar function to AMT).
An important factor in how difficult the flaw is to exploit is whether or not AMT is “provisioned.” To use AMT, systems must go through a process called “provisioning,” which connects the computer to the remote computer used to manage it (e.g., by inserting a specially formatted USB drive).
If AMT is provisioned, the flaw may allow an unauthenticated user to escalate privileges via network access. If the AMT system is un-provisioned, however, an attacker would need to be authenticated & have local access to exploit the flaw, which in that case also has a lower CVSS score of 7.8 out of 10.
“If the platform is configured to use Client Initiated Remote Access (CIRA) & environment detection is set to indicate that the platform is always outside the corporate network, the system is in CIRA-only mode & is not exposed to the network vector,” observed Bryant.
Intel AMT & Intel ISM
Affected are Intel AMT & Intel ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39.
“Intel recommends that users of Intel AMT & Intel ISM update to the latest version provided by the system manufacturer that addresses these issues,” according to Intel’s advisory.
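The affected-version list is per firmware branch, so comparing every host against a single "fixed" version gives wrong answers (11.12.50 sorts above 11.8.79 but is still affected). The Python below is an added example, not code from Intel or the original article, that triages inventory records using the conditions described above. It assumes each listed version is the first fixed build of its major.minor branch and that version strings may carry extra trailing fields; the function names and sample hosts are constructed.

```python
# Added example, not Intel's code: triage hosts for CVE-2020-8758.
# Assumption: each version in the article is the first fixed build of its
# major.minor branch; branches the article does not name go to manual review.
FIXED_BUILD = {(11, 8): 79, (11, 12): 79, (11, 22): 79, (12, 0): 68, (14, 0): 39}

def parse_version(text):
    """'11.8.77' or '11.8.77.3664' -> (11, 8, 77). Trailing fields are ignored
    (assumption: inventory tools may append a build number)."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts[:3])

def triage(version, provisioned, cira_only=False):
    """Return (status, cvss) using the conditions described in the article."""
    major, minor, build = parse_version(version)
    fixed = FIXED_BUILD.get((major, minor))
    if fixed is None:
        return ("unknown-branch", None)
    if build >= fixed:
        return ("patched", None)
    if not provisioned:
        return ("vulnerable-local-authenticated", 7.8)
    if cira_only:
        # Article: CIRA-only mode is not exposed to the network vector; no score given.
        return ("vulnerable-cira-only", None)
    return ("vulnerable-network-unauthenticated", 9.8)

# Constructed sample inventory: (host, firmware version, provisioned, CIRA-only)
INVENTORY = [
    ("lt-0141", "11.8.77.3664", True, False),
    ("lt-0142", "11.8.79", True, False),
    ("ws-0310", "11.12.50", False, False),
    ("ws-0311", "12.0.45", True, True),
    ("ws-0312", "14.0.39", True, False),
    ("ws-0313", "13.0.10", True, False),
]

def report(inventory=INVENTORY):
    """Return rows ordered so the highest-scored exposure comes first."""
    rows = [(host, *triage(ver, prov, cira)) for host, ver, prov, cira in inventory]
    return sorted(rows, key=lambda r: -(r[2] or 0))

if __name__ == "__main__":
    for host, status, cvss in report():
        print(f"{host:8} {status:36} {cvss if cvss is not None else '-'}")
```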