{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2017-025.pdf"
    },
    "title": "Critical Vulnerabilities Affecting Intel Firmware",
    "serial_number": "2017-025",
    "publish_date": "22-11-2017 07:02:00",
    "description": "On the 20th of November 2017, Intel reported that it has identified security vulnerabilities that could impact Intel Management Engine, Intel Trusted Execution Engine, and Intel Server Platform Services. As the result, an attacker could gain unauthorized access to platforms by impersonating the Intel Engines and platforms. An attacker could execute arbitrary code or cause system crash. The attacks can be conducted even when a computer is powered off.",
    "url_title": "2017-025",
    "content_markdown": "---\ntitle: 'Critical Vulnerabilities Affecting\u00a0Intel\u00a0Firmware'\nversion: '1.0'\nnumber: '2017-025'\ndate: 'November 21, 2017'\n---\n\n_History:_\n\n* _21/11/2017 --- v1.0: Initial publication_\n\n# Summary\n\nOn the 20th of November 2017, Intel reported that it _has identified security vulnerabilities that could potentially impact various product families of processors_ [1].\n\nThe following components are affected:\n\n* Intel\u00ae Management Engine (Intel\u00ae ME)\n* Intel\u00ae Trusted Execution Engine (Intel\u00ae TXE)\n* Intel\u00ae Server Platform Services (SPS)\n\n# Technical Details\n\nThe vulnerabilities received several CVEs: CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712, CVE-2017-5711, CVE-2017-5712, CVE-2017-5706, CVE-2017-5709, CVE-2017-5707, CVE-2017-5710 [2].\n\nAs the result of the above mentioned vulnerabilities, an attacker could gain unauthorized access to platforms by impersonating the Intel Engines and platforms, it can **execute arbitrary code** or **cause system crash**. Apparently, the **attacks can be conducted even when a computer is powered off** [5].\n\n# Products Affected\n\nSystems using Intel ME Firmware versions 11.0.0 through 11.7.0, SPS Firmware version 4.0, and TXE version 3.0 are impacted. Specific firmware versions on certain Intel processors families:\n\n*    6th, 7th, and 8th generation Intel\u00ae Core\u2122 Processor Family\n*    Intel\u00ae Xeon\u00ae Processor E3-1200 v5 and v6 Product Family\n*    Intel\u00ae Xeon\u00ae Processor Scalable Family\n*    Intel\u00ae Xeon\u00ae Processor W Family\n*    Intel Atom\u00ae C3000 Processor Family\n*    Apollo Lake Intel Atom\u00ae Processor E3900 series\n*    Apollo Lake Intel\u00ae Pentium\u00ae Processors\n*    Intel\u00ae Celeron\u00ae N and J series Processors\n\n# Recommendations\n\n* Follow the detection and mitigation procedure described in the _Recommendations_ section of the original Intel advisory [2].\n* Use Intel detection tool to analyze your systems for the vulnerabilities [3].\n* Follow Intel recommendations on checking with system OEMs for updated firmware [4].\n\n# References\n\n[1] <https://www.intel.com/content/www/us/en/support/articles/000025619/software.html>\n\n[2] <https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr>\n\n[3] <https://downloadcenter.intel.com/download/27150>\n\n[4] <http://www.intel.com/sa-00086-support>\n\n[5] <https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>21/11/2017 --- v1.0: Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On the 20th of November 2017, Intel reported that it <em>has identified security vulnerabilities that could potentially impact various product families of processors</em> [1].</p><p>The following components are affected:</p><ul><li>Intel\u00ae Management Engine (Intel\u00ae ME)</li><li>Intel\u00ae Trusted Execution Engine (Intel\u00ae TXE)</li><li>Intel\u00ae Server Platform Services (SPS)</li></ul><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerabilities received several CVEs: CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712, CVE-2017-5711, CVE-2017-5712, CVE-2017-5706, CVE-2017-5709, CVE-2017-5707, CVE-2017-5710 [2].</p><p>As the result of the above mentioned vulnerabilities, an attacker could gain unauthorized access to platforms by impersonating the Intel Engines and platforms, it can <strong>execute arbitrary code</strong> or <strong>cause system crash</strong>. Apparently, the <strong>attacks can be conducted even when a computer is powered off</strong> [5].</p><h2 id=\"products-affected\">Products Affected</h2><p>Systems using Intel ME Firmware versions 11.0.0 through 11.7.0, SPS Firmware version 4.0, and TXE version 3.0 are impacted. Specific firmware versions on certain Intel processors families:</p><ul><li>6th, 7th, and 8th generation Intel\u00ae Core\u2122 Processor Family</li><li>Intel\u00ae Xeon\u00ae Processor E3-1200 v5 and v6 Product Family</li><li>Intel\u00ae Xeon\u00ae Processor Scalable Family</li><li>Intel\u00ae Xeon\u00ae Processor W Family</li><li>Intel Atom\u00ae C3000 Processor Family</li><li>Apollo Lake Intel Atom\u00ae Processor E3900 series</li><li>Apollo Lake Intel\u00ae Pentium\u00ae Processors</li><li>Intel\u00ae Celeron\u00ae N and J series Processors</li></ul><h2 id=\"recommendations\">Recommendations</h2><ul><li>Follow the detection and mitigation procedure described in the <em>Recommendations</em> section of the original Intel advisory [2].</li><li>Use Intel detection tool to analyze your systems for the vulnerabilities [3].</li><li>Follow Intel recommendations on checking with system OEMs for updated firmware [4].</li></ul><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.intel.com/content/www/us/en/support/articles/000025619/software.html\">https://www.intel.com/content/www/us/en/support/articles/000025619/software.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr\">https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&amp;languageid=en-fr</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://downloadcenter.intel.com/download/27150\">https://downloadcenter.intel.com/download/27150</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"http://www.intel.com/sa-00086-support\">http://www.intel.com/sa-00086-support</a></p><p>[5] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/\">https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}