Critical Intel Active Management Technology (ATM) Flaw Allows Privilege Escalation

DESCRIPTION

AMT is part of the Intel vPro platform (Intel’s umbrella marketing term for its collection of computer hardware technologies) and is primarily used by enterprise IT shops for remote management of corporate systems. The flaw can be exploited by an unauthenticated attacker on the same network, in order to gain escalated privileges. The issue (CVE-2020-8758), found internally by Intel employees, ranks 9.8 out of 10 on the CVSS scale, making it critical severity, according to Intel in a Tuesday security advisory.

IMPACT

he flaw stems from improper buffer restrictions in a third party component network subsystem within Intel AMT (and Intel’s Standard Manageability solution, ISM, which has a similar function as AMT).

One important factor that impacts how difficult the flaw is to exploit is whether or not AMT is “provisioned.” In order to use AMT, systems must go through a process called “provisioning.” This process is used to connect the computer to a remote computer used to manage it (for instance, inserting a specially formatted USB drive).

If AMT is provisioned, it may allow an unauthenticated user to potentially enable escalation of privilege via network access. However, an attacker would need to be authenticated and have local access to exploit the flaw if the AMT system is unprovisioned (if the system is unprovisioned, the flaw also has a lower CVSS score of 7.8 out of 10).

SYSTEM AFFECTED

Intel AMT and Intel ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39.

RECOMMENDATIONS

Following actions are recommended to be taken:

• Intel recommends that users of Intel AMT and Intel ISM update to the latest version provided by the system manufacturer that addresses these issues,

REFERENCES

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8758

https://threatpost.com/critical-intel-active-management-technology-flaw-allows-privilege-escalation/159036/