Intel’s Remote AMT Privilege Escalation

If anybody asks why backdoors are a bad idea, mention Intel’s AMT. Well-intentioned, but as with all such systems, eventually succumbs to being hijacked for nefarious purposes. AMT is incredibly powerful, offering much more control over the target machine, not requiring any software, rootkits, authentication nor even an IP address. Being that AMT is implemented at a BIOS level, and the vast majority of motherboard manufacturers cease BIOS updates after less than a few years, there are hundreds of millions of vulnerable machines out there.

  • An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
    • CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
    • CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Read More

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s