
Intel AMT Security bypass issue

by 스쳐가는인연 2018. 1. 20.

The Intel AMT firmware security issue does not affect most enterprise server systems.

For the few systems that are affected, each manufacturer is providing patches.

 

News about the vulnerability published overseas:

------------------------------------------------------

INTEL AMT SECURITY ISSUE LETS ATTACKERS BYPASS LOGIN CREDENTIALS IN CORPORATE LAPTOPS

https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/

 

A Security Issue in Intel's Active Management Technology (AMT)

https://business.f-secure.com/intel-amt-security-issue

------------------------------------------------------

 

AMT is fundamentally a client-platform technology and does not affect server operation.

Because some models do use the Intel Management Engine (IME) for remote management,

the related vulnerabilities have already been fixed and patches are being distributed (see the list below).

------------------------------------------------------

Intel AMT Escalation of Privilege Vulnerability (CVE-2017-5689)

http://h22208.www2.hpe.com/eginfolib/securityalerts/CVE-2017-5689-Intel/CVE-2017-5689.html

This vulnerability allows an unprivileged network or local attacker to gain control of the remote manageability features of Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) platforms. This vulnerability affects Intel's AMT firmware and the products identified as not impacted do not use AMT firmware.

 

Dell EMC Response to Intel AMT Advisory (INTEL-SA-00075) and CVE-2017-5689 (Common Vulnerabilities and Exposures)
https://www.dell.com/support/article/kr/ko/krdhs1/sln306252/dell-emc-response-to-intel-amt-advisory-intel-sa-00075-and-cve-2017-5689-common-vulnerabilities-and-exposures-?lang=en

Dell Engineering has determined that the vast majority of Enterprise products do not support AMT with the exception of the T20 & T30 platforms. All other Dell PowerEdge platforms and remote management controllers are unaffected.

 

Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation
https://support.lenovo.com/kr/en/product_security/len-14963

System x (Lenovo): Not affected
System x (IBM): Not affected

 

Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

This vulnerability does not exist on Intel-based consumer PCs with consumer firmware, Intel servers utilizing Intel® Server Platform Services (Intel® SPS), or Intel® Xeon® Processor E3 and Intel® Xeon® Processor E5 workstations utilizing Intel® SPS firmware.

------------------------------------------------------

 

Intel's published guidance on the AMT issues:

------------------------------------------------------

Security Best Practices of Intel® Active Management Technology Q&A December 2017

https://www.intel.com/content/dam/support/us/en/documents/technologies/Intel_AMT_Security_Best_Practices_QA.pdf

 

Below is a list of Security Advisories that apply to Intel Active Management Technology:

INTEL-SA-00075 Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege

INTEL-SA-00081 Intel® AMT Clickjacking Vulnerability

INTEL-SA-00082 Intel AMT® Upgradable to Vulnerable Firmware

INTEL-SA-00093 Frame replay vulnerability in Wi-Fi subsystem in Intel® Dual-Band and TriBand

 

INTEL-SA-00086 Intel Q3'17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

 

Summary:

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.

------------------------------------------------------

 

IME-related fixes:

------------------------------------------------------

HPE

CUSTOMER BULLETIN: (Revision) HPE Servers - Some Systems Using Certain Intel Processors Are Vulnerable to Local Denial of Service and Execution of Arbitrary Code

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00036596en_us

 

For all impacted ProLiant and Synergy Gen10 systems:

Intel Xeon Processor Scalable Family

 

1. First, update the System ROM to version 1.26 (or later).

2. Then, update the Innovation Engine to version 0.1.5.2 (or later).

3. Finally, update the Server Platform Services (SPS) firmware to version 04.00.04.288.

4. As a last step, update to the Gen10 System Recovery Set.
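The Gen10 steps above fix both a set of minimum versions and the order in which they must be applied. As an added example (not HPE's or Intel's tooling, and not from the original post), the script below compares a host's reported firmware versions against those minimums and lists what still needs updating, in the bulletin's order. The component names, the inventory dictionary and the sample data are constructed for illustration; in practice the installed versions would come from the server's management interface. Dotted firmware versions are compared numerically per component, which matters because a plain string comparison would rank "1.9" above "1.26".

```python
"""Check HPE ProLiant/Synergy Gen10 firmware against the bulletin's minimums.

Added example, not HPE's or Intel's code. Component names, the inventory
format and SAMPLE_INVENTORY are assumptions made for illustration.
"""

# Minimum versions from the bulletin, in the order the bulletin mandates.
# Step 4 (Gen10 System Recovery Set) carries no version number, so it is
# not checked here.
REQUIRED_ORDER = [
    ("System ROM", "1.26"),
    ("Innovation Engine", "0.1.5.2"),
    ("SPS", "04.00.04.288"),
]


def parse_version(text):
    """Split a dotted firmware version into a tuple of ints.

    Numeric comparison makes "1.26" > "1.9" and treats "04" as 4, so the
    zero-padded SPS format compares correctly.
    """
    parts = []
    for tok in text.strip().split("."):
        digits = "".join(ch for ch in tok if ch.isdigit())
        if not digits:
            raise ValueError(f"unparseable component {tok!r} in {text!r}")
        parts.append(int(digits))
    return tuple(parts)


def meets_minimum(installed, minimum):
    """True if installed >= minimum; shorter tuples are zero-padded so that
    "1.26" and "1.26.0" are treated as equal."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def plan_updates(inventory):
    """Return (component, installed, required) for every component that is
    below the minimum, in the order the bulletin says to apply updates.
    A component missing from the inventory is reported as "missing" rather
    than silently treated as compliant."""
    todo = []
    for component, minimum in REQUIRED_ORDER:
        installed = inventory.get(component)
        if installed is None or not meets_minimum(installed, minimum):
            todo.append((component, installed or "missing", minimum))
    return todo


# Constructed sample inventory: ROM and SPS are out of date, IE is current.
SAMPLE_INVENTORY = {
    "System ROM": "1.22",
    "Innovation Engine": "0.1.5.2",
    "SPS": "04.00.04.101",
}

if __name__ == "__main__":
    for component, installed, required in plan_updates(SAMPLE_INVENTORY):
        print(f"{component}: installed {installed}, need {required} or later")
```

Because `plan_updates` preserves the bulletin's ordering, its output can be followed top to bottom as an update checklist; a host whose inventory already meets every minimum yields an empty list.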

 

For the ProLiant DL20 Gen9, and the ProLiant ML30 Gen9 server:

Update the Server Platform Services (SPS) firmware, choosing version 04.01.04.054 (or later).

 

For the ProLiant m710x Server Cartridge:

HPE ProLiant m710x Server Cartridge ME Firmware Version 10/17/2017

------------------------------------------------------
