An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
intel active management technology firmware 6.1 |
||
intel active management technology firmware 6.2 |
||
intel active management technology firmware 10.0 |
||
intel active management technology firmware 11.0 |
||
intel active management technology firmware 6.0 |
||
intel active management technology firmware 9.0 |
||
intel active management technology firmware 9.1 |
||
intel active management technology firmware 9.5 |
||
intel active management technology firmware 7.0 |
||
intel active management technology firmware 7.1 |
||
intel active management technology firmware 11.5 |
||
intel active management technology firmware 11.6 |
||
intel active management technology firmware 8.0 |
||
intel active management technology firmware 8.1 |
BIOS fixes for most boxen promised Friday
Dell, which last week was scrambling to work out which of its systems are affected by the Intel AMT vulnerability, is scrambling to catch up with peers HP Inc, Lenovo and Fujitsu. In a note published on Friday, the company said it would publish firmware fixes for most vulnerable kit. As readers should already know, Intel introduced the bug in 2010, and it turned out that an attacker need only offer an empty login string to Chipzilla's VPro AMT remote management firmware to access vulnerable syst...
Exploit to pwn systems using vPro and AMT
Code dive You can remotely commandeer and control computers that use vulnerable Intel chipsets by sending them empty authentication strings. You read that right. When you're expected to send a password hash, you send zero bytes. Nothing. Nada. And you'll be rewarded with powerful low-level access to a vulnerable box's hardware from across the network β or across the internet if the management interface faces the public web. Remember that the next time Intel, a $180bn international semiconducto...
Vuln reported in March, now fix is coming...
Updated For the past seven years, millions of Intel chips have harbored a security flaw that can be potentially exploited to remotely control and infect systems with spyware. Specifically, the bug is in Intel's Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Chipzilla, the security hole allows "an unprivileged attacker to gain control of the manageability features provided by these products." That mean...