Intel’s AMT vulnerability in processors turns out to be relatively easy to exploit
The vulnerability in Intel’s Active Management Technology of business processors appears to be relatively easy to exploit. A remote management authentication screen can be bypassed by entering an empty string via a proxy.
In principle, a successful attack on the vPro-enabled processors that have AMT enabled only requires access to ports 16992 and 16993, reports Embedi, the security company that originally disclosed the vulnerability. Remote management is done via a web panel, for which there is an admin account by default.
The panel uses digest authentication, but analysis of the firmware revealed a programming error: the web server also accepts an empty string as the authentication response. “Probably it’s a developer’s mistake, but that’s where the flaw lies,” Embedi writes in its white paper. Security company Tenable independently came to the same conclusion and reported that part of the correct response hash is also sufficient for authentication.
This does not mean that leaving the password field empty in the browser is sufficient, since with digest authentication the browser still sends a hash of 32 characters. In other words, not entering a password at the web panel via the browser does not provide access. The method only works if an empty string is sent to the web server on ports 16992 and 16993 through a proxy such as Burp Suite.
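Both observations above (an empty response is accepted, and part of the correct hash is enough) are what a comparison produces when its length is taken from the client-supplied value. The C sketch below is an added illustration, not code from Intel's firmware or from the Embedi or Tenable reports; the function names, the sample hash and the assumed flawed pattern are constructed for this example, shown beside a hardened check.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RESPONSE_HEX_LEN 32  /* digest response: 32 hex characters */

/* Constructed sample value standing in for the server-computed response. */
static const char SAMPLE_EXPECTED[] = "5f4dcc3b5aa765d61d8327deb882cf99";

/* Assumed flawed pattern: the compare length comes from the supplied value,
 * so an empty string compares zero bytes and any correct prefix matches. */
int check_response_flawed(const char *expected, const char *supplied)
{
    size_t n = strlen(supplied);
    return strncmp(expected, supplied, n) == 0;
}

/* Hardened form: require the full fixed length on both sides, then compare
 * every byte without an early exit so timing does not leak a prefix match. */
int check_response_hardened(const char *expected, const char *supplied)
{
    unsigned char diff = 0;
    size_t i;

    if (strlen(expected) != RESPONSE_HEX_LEN ||
        strlen(supplied) != RESPONSE_HEX_LEN)
        return 0;
    for (i = 0; i < RESPONSE_HEX_LEN; i++)
        diff |= (unsigned char)(expected[i] ^ supplied[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed inputs: empty, correct prefix, wrong value, full match. */
    const char *inputs[] = { "", "5f4d", "0000", SAMPLE_EXPECTED };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("supplied=\"%s\" flawed=%d hardened=%d\n", inputs[i],
               check_response_flawed(SAMPLE_EXPECTED, inputs[i]),
               check_response_hardened(SAMPLE_EXPECTED, inputs[i]));
    return 0;
}
```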
The companies emphasize that systems can be taken over remotely even when they are turned off, as long as they are still connected to the mains and the internet. They also state that attackers can remove or replace entire operating systems, since AMT runs independently of the OS. Attackers can take over the mouse, keyboard and monitor, modify the boot device, access the BIOS and remotely turn systems off and on, Embedi explains.
Last week, Intel disclosed vulnerability CVE-2017-568 in Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology. The vulnerability is in firmware versions from 6.x of the Nehalem generation of processors up to and including 11.6 from Kaby Lake. The vulnerable management features are part of Intel’s vPro platform for business processors. Intel’s consumer chips are not affected.
Dell has already announced patches for several OptiPlex, Latitude and Precision systems. Starting May 17, the first BIOS updates will become available for these machines via Dell’s support site.