QID 38860

Date Published: 2022-02-14

QID 38860: Intel Active Management Technology, Intel Standard Manageability Privilege Escalation Vulnerability (INTEL-SA-00404)

Potential security vulnerabilities in Intel Active Management Technology (AMT), Intel Standard Manageability(ISM) may allow escalation of privilege, denial of service or information disclosure.

Affected Versions:
Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 QID Detection Logic (Un-authenticated):
Intel AMT and ISM when enabled exposes its version remotely on TCP ports 16992, 16993. This QID matches vulnerable versions based on the exposed information.

Successful exploitation may allow unauthenticated user to potentially enable escalation of privileges via network access.

CVSS V3 rated as Critical - 9.8 severity.

CVSS V2 rated as High - 7.5 severity.

Solution

The vendor has released an updated firmware to fix the vulnerability. Please refer to Intel advisory INTEL-SA-00404 for details.

Vendor References

INTEL-SA-00404 - www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00404.html

CVEs related to QID 38860

CVE-2020-8758 |

Software Advisories

Advisory ID	Software	Component	Link
INTEL-SA-00404			www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00404.html

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].