It’s been a while since our last post, so we wanted to provide something useful this time around. Recently, Intel has issued a fix for CVE-2017-5689, which is an Escalation of Privilege vulnerability in “Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6” – a vulnerability which is detectable remotely.

This vulnerability is widespread. In fact, attackers could simply use shodan.io to compile a list of vulnerable targets. See the attached image below of targets.

Since it is so easy to detect targets using a simple HTTP GET request, we are providing a python script to detect if your webserver is vulnerable! If you are vulnerable, Intel has made the advisory for this vulnerability available here, with steps towards a fix:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

For even more information on the vulnerability, we recommend visiting the National Vulnerability Database entry for CVE-2017-5689. At the time of writing this blog post, the vulnerability is awaiting analysis. However as more information comes to light the NVD will update the page with that information. That entry is available here:

https://nvd.nist.gov/vuln/detail/CVE-2017-5689

Happy hunting!

https://github.com/CerberusSecurity/CVE-2017-5689