Intel Active Management Technology Escalation of Privilege


Intel disclosed a security vulnerability in the Intel® Active Management Technology (AMT) firmware that ships in several NI controllers. The vulnerability can allow an unprivileged attacker to gain control of the manageability features provided by this technology. NI strongly recommends taking the action specified below for controllers with affected firmware.


Impact on NI Products

An attack can exploit this vulnerability on NI controllers with affected AMT firmware in two ways:

  • Local: If you have not enabled AMT on a controller, an unprivileged attacker with physical access can enable AMT to gain system-level privileges that can be accessed remotely as well as locally.
  • Remote: If you have enabled AMT on a controller, an unprivileged attacker with network access can gain system-level privileges.


Affected Products

Intel has observed the vulnerability in AMT firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, and 11.5.


Controller Minimum Version of Fixed Firmware Recommendation
cRIO-9081 Apply Patch
cRIO-9082 Apply Patch
cDAQ-9138 Apply Patch
cDAQ-9139 Apply Patch
PXI-8109 Apply Patch
PXIe-8115 Apply Patch
PXI-8115 Apply Patch
PXI-8119 Apply Patch
PXIe-8133 Apply Patch
PXIe-8135 Apply Patch
PXIe-8821 Apply Patch
PXIe-8830mc Contact NI
PXIe-8840 Quad Core Apply Patch
PXIe-8840 Apply Patch
IC-3172 Apply Patch
IC-3173 Apply Patch




Apply the recommended patches above to mitigate the vulnerability for the corresponding controller. If you chose not to apply the mitigation patch, you can reduce the security risk on controllers with vulnerable firmware by applying the two mitigations described below. Refer to the INTEL-SA-00075 Mitigation Guide for the commands to perform the following steps.

  1. If you have provisioned AMT on a controller, unprovision AMT to reduce the likelihood of remote exploitation.
  2. If you have enabled the Local Manageability Service (LMS), disable LMS to reduce the likelihood of local exploitation.


CVSS Score

  • Local: CVSSv3 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • Remote: CVSSv3 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


Was this information helpful?