Intel recently released a security advisory detailing several security flaws in its Management Engine (ME). The advisory provides critical ME, Trusted Execution Technology (TXT), and Server Platform Services (SPS) firmware updates for versions 8.X-11.X covering multiple CVE IDs, with CVSS scores between 6.7 and 8.2.
But there is also another notable vulnerability that can pose a bigger risk especially to corporate computers and networks: CVE-2017-5689, a privilege escalation flaw. While there are certain factors and/or triggers for this vulnerability, it can provide attackers administration access and enable them to remotely reset or power off the vulnerable system if exploited successfully. This security issue was divulged in the research, “Silent Bob is Silent.” Compared to the recently identified ME vulnerabilities, CVE-2017-5689 was assigned a CVSSv3 score of 9.8.
Read More