Google Alert – Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241) (CVE Vulnerability)

Vulnerability: Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241)

Severity: High

Location: 623/TCP & 16992/TCP

Summary: Multiple potential security vulnerabilities in Intel Active Management Technology (Intel AMT) may allow escalation of privilege, information disclosure, and/or denial of service.
Vulnerability Detection Result

Installed version: 11.8.55.3510
Fixed version: 11.8.70
Installation
path / port:      /

Solution type: VendorFix  – Upgrade to version 11.8.70, 11.11.70, 11.22.70, 12.0.45 or later.

Affected Software/OS: Intel Active Management Technology 11.0 to 11.8.65, 11.10 to 11.11.65, 11.20 to 11.22.65 and 12.0 to 12.0.35.

Vulnerability Insight:

Intel Active Management Technology is prone to multiple vulnerabilities:

– Cross site scripting may allow a privileged user to potentially enable escalation of privilege via network access (CVE-2019-11132)

– Insufficient input validation may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access (CVE-2019-11088)

– Logic issue may allow an unauthenticated user to potentially enable escalation of privilege via network access (CVE-2019-11131)

– Insufficient input validation may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access (CVE-2019-0131)

– Insufficient input validation may allow an unauthenticated user to potentially enable information disclosure via network access (CVE-2019-0166)

– Insufficient input validation may allow an unauthenticated user to potentially enable information disclosure via physical access (CVE-2019-11100)

Vulnerability Detection Method:

Checks if a vulnerable version is present on the target host.

Details: Intel Active Management Technology Multiple Vulnerabilities (INTEL-SA-00241) (OID: 1.3.6.1.4.1.25623.1.0.143286)

Version used: 2020-01-07T08:25:23+0000

References

CVE: CVE-2019-11132, CVE-2019-11088, CVE-2019-11131, CVE-2019-0131, CVE-2019-0166, CVE-2019-11100
CERT: CB-K19/0978, DFN-CERT-2019-2375
Other: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Article source at https://securityboulevard.com/2020/01/intel-active-management-technology-multiple-vulnerabilities-intel-sa-00241/