Intel Active Management Technology Escalation of Privilege

Publish Date: Oct 16, 2017 | 1 Ratings | 5.00 out of 5 | Print

Overview

Intel disclosed a security vulnerability in the Intel® Active Management Technology (AMT) firmware that ships in several NI controllers. The vulnerability can allow an unprivileged attacker to gain control of the manageability features provided by this technology. NI strongly recommends taking the action specified below for controllers with affected firmware.

Table of Contents

  1. Impact on NI Products
  2. Affected Products
  3. Mitigation
  4. CVSS Score
  5. Related Resources

1. Impact on NI Products

An attack can exploit this vulnerability on NI controllers with affected AMT firmware in two ways:

  • Local: If you have not enabled AMT on a controller, an unprivileged attacker with physical access can enable AMT to gain system-level privileges that can be accessed remotely as well as locally.
  • Remote: If you have enabled AMT on a controller, an unprivileged attacker with network access can gain system-level privileges.

 

Back to Top

2. Affected Products

Intel has observed the vulnerability in AMT firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, and 11.5.

 

Controller Minimum Version of Fixed Firmware Recommendation
cRIO-9081 6.2.61.3535 Apply Patch
cRIO-9082 6.2.61.3535 Apply Patch
cDAQ-9138 6.2.61.3535 Apply Patch
cDAQ-9139 6.2.61.3535 Apply Patch
PXI-8109 6.2.61.3535 Apply Patch
PXIe-8115 7.1.91.3272 Apply Patch
PXI-8115 7.1.91.3272 Apply Patch
PXI-8119 8.1.71.3608 Apply Patch
PXIe-8133 6.2.61.3535 Apply Patch
PXIe-8135 8.1.71.3608 Apply Patch
PXIe-8821 9.1.41.3024 Apply Patch
PXIe-8830mc 9.1.41.3024 Contact NI
PXIe-8840 Quad Core 9.1.41.3024 Apply Patch
PXIe-8840 9.1.41.3024 Apply Patch
IC-3172 10.0.55.3000 Apply Patch
IC-3173 10.0.55.3000 Apply Patch

 

 

Back to Top

3. Mitigation

Apply the recommended patches above to mitigate the vulnerability for the corresponding controller. If you chose not to apply the mitigation patch, you can reduce the security risk on controllers with vulnerable firmware by applying the two mitigations described below. Refer to the INTEL-SA-00075 Mitigation Guide for the commands to perform the following steps.

  1. If you have provisioned AMT on a controller, unprovision AMT to reduce the likelihood of remote exploitation.
  2. If you have enabled the Local Manageability Service (LMS), disable LMS to reduce the likelihood of local exploitation.

 

Back to Top

4. CVSS Score

  • Local: CVSSv3 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • Remote: CVSSv3 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

 

Back to Top

5. Related Resources

 

Back to Top

Bookmark & Share


Ratings

Rate this document

Answered Your Question?
Yes No

Submit