A security vulnerability has been discovered in Intel’s manageability firmware that impacts all Intel OEMs. This vulnerability is a security flaw that originated in the development and deployment of Intel's Manageability firmware. The vulnerability affects some of HP’s commercial PCs, 2 consumer PCs, workstations, thin clients, and retail point of sale products. HP’s priority and focus is on supporting our customers and ensuring the safety and security of their systems. Intel has released a security advisory ( https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr) as noted below: There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. There are two ways this vulnerability may be accessed, please note that Intel® Small Business Technology is not vulnerable to the first issue. An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
VULNERABILITY SUMMARY
Reference
|
Base Vector
|
Base Score
|
CVE-2017-5689
|
(1) Provisioned systems:
(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
|
(1) 9.8
|
(2) Unprovisioned systems:
(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
|
(2) 8.4
|
PI
|
HP Printing and Imaging
|
HF
|
HP Hardware and Firmware
|
ST
|
HP Storage Software
|
GN
|
HP General Software
|