Intel AMT vulnerability proves even more serious

May 8, 2017 | 10:26

Tags: #amt #exploit #insecurity #ism #security #vulnerability

Companies: #dell #fujitsu #hp #intel #lenovo

Security researchers have warned that a remotely-exploitable vulnerability in the Active Management Technology (AMT) feature of Intel processors going back a decade is more serious than first thought, allowing attackers to bypass authentication by sending a simple null string.

Disclosed earlier this month, the vulnerability in Intel's Active Management Technology (AMT), Small Business Technology, and Standard Manageability (ISM) platforms has been the cause of no small consternation in corporate circles. Systems with an active AMT or ISM implementation - available only when AMT-equipped CPUs are used on a compatible and licensed motherboard and software platform - could be exploited over the network, but at the time it was believed such exploitation was relatively complex. Sadly, that turns out to have not been the case: exploiting the vulnerability is as simple as sending a null string when authentication is requested, which grants immediate and complete access to the remote system.

'Drawing on past experience when we reported an authentication-related vulnerability in which the length of credential comparison is controlled by the attacker (memcmp(attacker_passwd, correct_passwd, attacker_pwd_len)), we tested out a case in which only a portion of the correct response hash is sent to the AMT web server. To our surprise, authentication succeeded,' explained Tenable researcher Carlos Perez of his company's discovery in a blog post. 'Next, we reduced the response hash to one hex digit and authentication still worked. Continuing to dig, we used a NULL/empty response hash (response="" in the HTTP Authorization header). Authentication still worked. We had discovered a complete bypass of the authentication scheme.'
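The comparison flaw the researchers describe, shown beside a corrected check, as an added example (not code from the article, Tenable or Intel's firmware). The function names and the sample digest are constructed for illustration, and strncmp stands in for the quoted memcmp so the demo never reads past the buffer.

```c
#include <stdio.h>
#include <string.h>

#define DIGEST_HEX_LEN 32 /* hex digest length assumed for this demo */

/* Constructed sample value, not a real credential hash. */
static const char SAMPLE_DIGEST[] = "0123456789abcdef0123456789abcdef";

/* Flawed: the number of bytes compared is taken from the client's input,
 * so a shorter response means fewer bytes are checked. */
int check_response_flawed(const char *expected, const char *supplied)
{
    size_t n = strlen(supplied);                /* client-controlled length */
    return strncmp(expected, supplied, n) == 0; /* n == 0 compares nothing */
}

/* Corrected: the length is fixed by the server, a wrong-sized response is
 * rejected first, and every byte is compared without an early exit. */
int check_response_fixed(const char *expected, const char *supplied)
{
    unsigned char diff = 0;
    size_t i;

    if (strlen(expected) != DIGEST_HEX_LEN || strlen(supplied) != DIGEST_HEX_LEN)
        return 0;
    for (i = 0; i < DIGEST_HEX_LEN; i++)
        diff |= (unsigned char)(expected[i] ^ supplied[i]);
    return diff == 0;
}

int main(void)
{
    /* The cases from the quote: full hash, partial hash, one digit, empty. */
    const char *cases[] = { SAMPLE_DIGEST, "0123456789abcdef", "0", "",
                            "ffffffffffffffffffffffffffffffff" };
    size_t i;

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("response=\"%s\" flawed=%d fixed=%d\n", cases[i],
               check_response_flawed(SAMPLE_DIGEST, cases[i]),
               check_response_fixed(SAMPLE_DIGEST, cases[i]));
    return 0;
}
```

Only the full, correct digest passes the corrected check; the flawed one also accepts the partial, one-digit and empty responses.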

Although Intel has produced firmware patches which close the hole, it's up to hardware vendors themselves to tailor said firmware for their products and distribute the updates to customers. Thus far, HP, Lenovo, Fujitsu, and Dell have released firmware updates for supported devices - though end-of-life products are likely to remain vulnerable - while Intel itself has released a vulnerability scanner for detecting whether a system is affected by the flaw.

Posted by Corky42 - Mon May 08 2017 15:01

It looks like Intel have released a tool to check for the AMT vulnerability, it's portable so not much fuss to use if anyone is concerned.

Posted by Gareth Halfacree - Mon May 08 2017 15:17

Corky42
It looks like Intel have released a tool to check for the AMT vulnerability, it's portable so not much fuss to use if anyone is concerned.
Ahem:

The Article
Although Intel has produced firmware patches which close the hole, it's up to hardware vendors themselves to tailor said firmware for their products and distribute the updates to customers. Thus far, HP, Lenovo, Fujitsu, and Dell have released firmware updates for supported devices - though end-of-life products are likely to remain vulnerable - while Intel itself has released a vulnerability scanner for detecting whether a system is affected by the flaw.
:p

Posted by Corky42 - Mon May 08 2017 16:43

Time to go to the back of the class and put on my dunce cap, sorry. :duh:

Posted by adidan - Mon May 08 2017 16:56

Corky42
Time to go to the back of the class and put on my dunce cap, sorry. :duh:
Welcome, I keep the seats warm back here.