Intel Vulnerability Enables Multiple Issues
Posted by Michael on 17/02/2020Intel is warning users of a high severity flaw found within their firmware of it’s ‘Converged Security and Management Engine’ (CSME) which is used to power Intel’s ‘Active Management System’ hardware for the purpose of remote out-of-band management to consumers. This flaw could enable an attacker to conduct Privilege Escalation, Information Disclosure and Denial of Service.
“Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.” – Intel Advisory
The recommended route to remediate this issue is by updating the CSME version to it’s latest. The issues were found internally by Intel themselves thanks to Chedva Gottesman.
This was not the only vulnerability identified within Intel’s Products. In total there were six patched flaws on Tuesday including the mentioned high severity flaw within CSME.
The other five remaining vulnerabilities included a Medium severity flaw within Intel’s Renesas Electronics USB 3 driver that is common to Intel motherboards. This issue could potentially allow privilege escalation and comes from improper permissions in the installer. All versions of the driver have been affected by this issue.
“Intel has issued a Product Discontinuation notice for Intel Renesas Electronics USB 3.0 Driver and recommends that users of the Intel Renesas Electronics USB 3.0 Driver uninstall it or discontinue use at their earliest convenience,”
Another two Medium severity flaws exist within Intel’s RAID Web Console which could potentially allow users to configure the RAID custom storage controllers and the disk drives on the system. One of the Medium severity flaws is found in RAID Web Console 3 for Windows, which can be found from the improper permissions set in the installer. The other Medium severity can be found in RAID Web Console 2 which is also found from set improper permissions within the installer.
The final Medium severity flaw can be found in Intel Manycore Platform Software Stack, which is necessary to run Intel Xeon Phi Coprocessor which enables privilege escalation from improper permissions in the installer.
The sixth vulnerability comes from a flaw within Intel’s Software Guard Extension (SGX) SDK which again could enable privilege escalation.
Hedgehog Security is a full service Cyber Security consultancy. We are available at all times for all your Penetration Testing requirements. Hedgehog Security is here to help.