Intel ID: INTEL-SA-00141
Advisory Category: Firmware
Impact of vulnerability: Denial of Service, Information Disclosure
Severity rating: HIGH
Original release: 09/11/2018
Last revised: 09/11/2018

Summary:

Multiple potential security vulnerabilities in Intel® Active Management Technology (AMT) in Intel® CSME firmware may allow arbitrary code execution, a partial denial of service or information disclosure. Intel is releasing Intel® CSME firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-3657
Description: Multiple buffer overflows in Intel® AMT in Intel® CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel® AMT execution privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2018-3658
Description: Multiple memory leaks in Intel® AMT in Intel® CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel® AMT provisioned to potentially cause a partial denial of service via network access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2018-3616
Description: Bleichenbacher-style side channel vulnerability in TLS implementation in Intel® Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
CVSS Base Score: 7.4 High
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

Intel® Management Engine (ME):
Updated ME Firmware version Replaces ME Firmware version
Intel® CSME 11.8.55 11.0.x, 11.5.x, 11.6.x, 11.7.x, 11.8.x
Intel® CSME 11.11.55 11.10.x, 11.11.x
Intel® CSME 11.21.55 11.20.x, 11.21.x
Intel® ME 10.0.60 10.0.x
Intel® ME 9.5.65* 9.5.x
Intel® ME 9.1.45* 9.0.x, 9.1.x
Intel® CSME 12.0.6 12.0.3
*resolves CVE-2018-3616 only.

Recommendations:

Intel recommends that users of Intel® CSME update to the latest version provided by the system manufacturer that addresses these issues.

Acknowledgements:

Intel would like to thank Hanno Böck, Juraj Somorovsky (Hackmanit GmbH, RuhrUniversität Bochum) and Craig Young (Tripwire VERT) for reporting CVE-2018-3616 and working with us on coordinated disclosure.
CVE-2018-3657 and CVE-2018-3658 were found internally by Intel.

Revision History

Revision Date Description
1.0 09/11/2018 Initial Release

Source: INTEL-SA-00141