Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241)
Vulnerability: Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241)
Severity: High
Location: 623/TCP & 16992/TCP
Summary: Multiple potential security vulnerabilities in Intel Active Management Technology (Intel AMT) may allow escalation of privilege, information disclosure, and/or denial of service.
Vulnerability Detection Result
Installed version: 11.8.55.3510
Fixed version: 11.8.70
Installation
path / port: /
Solution type: VendorFix – Upgrade to version 11.8.70, 11.11.70, 11.22.70, 12.0.45 or later.
Affected Software/OS: Intel Active Management Technology 11.0 to 11.8.65, 11.10 to 11.11.65, 11.20 to 11.22.65 and 12.0 to 12.0.35.
Vulnerability Insight:
Intel Active Management Technology is prone to multiple vulnerabilities:
– Cross site scripting may allow a privileged user to potentially enable escalation of privilege via network access (CVE-2019-11132)
– Insufficient input validation may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access (CVE-2019-11088)
– Logic issue may allow an unauthenticated user to potentially enable escalation of privilege via network access (CVE-2019-11131)
– Insufficient input validation may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access (CVE-2019-0131)
– Insufficient input validation may allow an unauthenticated user to potentially enable information disclosure via network access (CVE-2019-0166)
– Insufficient input validation may allow an unauthenticated user to potentially enable information disclosure via physical access (CVE-2019-11100)
Vulnerability Detection Method:
Checks if a vulnerable version is present on the target host.
Details: Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241) (OID: 1.3.6.1.4.1.25623.1.0.143286)
Version used: 2020-01-07T08:25:23+0000
References
CVE: CVE-2019-11132, CVE-2019-11088, CVE-2019-11131, CVE-2019-0131, CVE-2019-0166, CVE-2019-11100
CERT: CB-K19/0978, DFN-CERT-2019-2375
Other: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
*** This is a Security Bloggers Network syndicated blog from SecurityOrb.com authored by Kellep Charles. Read the original post at: https://www.securityorb.com/uncategorized/intel-active-management-technology-multiple-vulnerabilities-intel-sa-00241/