Shulou(Shulou.com)06/01 Report--

This article shows you how to carry out Intel CSME vulnerability early warning analysis, the content is concise and easy to understand, absolutely can make your eyes bright, through the detailed introduction of this article, I hope you can get something.

0x00 vulnerability background

Intel announced that potential security vulnerabilities in Intel CSME, Intel Server platform Services and Intel trusted execution engine firmware could allow for information disclosure, and Intel is releasing Intel CSME, Intel Server platform Services and Intel trusted execution engine updates to mitigate this potential vulnerability.

After evaluation, the 360-CERT team believes that the vulnerability risk level is high, and users are advised to refer to the relevant repair recommendations for defense.

Details of 0x01 vulnerability

CVE ID: CVE-2018-3655

Description: the vulnerability exists in subsystems in Intel CSME prior to version 11.21.55, Intel server platform services prior to version 4.0 and Intel trusted execution engine firmware prior to version 3.1.55, which may allow unauthenticated users to modify or disclose information through physical access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Unauthenticated users with physical access can:

Bypassing Intel CSME anti-replay protection may allow brute force attacks to obtain information stored in Intel CSME.

Obtain the password for unauthorized access to Intel MEBX.

Tamper with the integrity of the Intel CSME file system directory or server platform services and trusted execution environment (Intel TXT) data files.

The mitigation measures described in INTEL-SA-00086 do not prevent this problem because users with physical access to the system may be able to roll back to the earlier Intel CSME firmware affected by CVE-2017-5705Power2017-5706 and CVE-2017-5707.

0x02 scope of influence

This vulnerability affects Intel CSME firmware versions: 11.0 to 11.8.50,11.10 to 11.11.50,11.20 to 11.21.51.

Intel Server platform Services firmware version: 4.0 (Purley and Bakerville only).

Intel TXE version: 3.0 to 3.1.50.

Unaffected area:

Intel CSME firmware prior to version 11.0.

Intel Server platform Services prior to version 4.0.

TXE version prior to 3.0.

Intel CSME firmware version 11.8.55, 11.11.55, 11.21.55.

Intel Server platform Services 5.0 and later.

TXE 3.1.55 or later.

0x03 repair recommendation

Ask users of Intel CSME, Intel Server platform Services and Intel trusted execution engine (TXE) to update the latest patches.

The above content is how to carry on the Intel CSME vulnerability early warning analysis, have you learned the knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.