This week, Intel engineers released hotfixes for Active Management Technology (AMT) and Intel Standard Manageability (ISM), addressing a critical vulnerability.
The AMT and ISM bug was one of the most serious issues the company has addressed this month. The vulnerability is tracked as CVE-2020-8758 and scored 9.8 out of 10 points on the CVSS vulnerability rating scale.
If exploited, the issue results in privilege escalation by an unauthenticated attacker. The bug occurs due to incorrect buffer limits in the network subsystem. All versions of Intel AMT and Intel ISM up to 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 are vulnerable to attacks.
“If a customer is using Intel vPro without AMT support, an authenticated user with local access to the system may still be able to escalate privileges,” Intel experts warn.
In addition to the patches for AMT and ISM, the company also released fixes for its other products this month. One of them addresses CVE-2020-0570 in the BIOS firmware for 8th, 9th and 10th generation Intel Core processors. The bug scored 7.6 on the CVSS scale and could lead to escalation of privileges, denial of service, or information disclosure, provided the attacker had physical access to the vulnerable system.
A medium-severity bug, CVE-2020-0571, was fixed in the BIOS firmware for 8th Gen Intel Core and Intel Pentium Silver processors; it also allows information disclosure.
Fixes were also released for three other medium-severity bugs affecting 8th, 9th and 10th Gen Intel Core and Celeron 4000/5000 processors. The vulnerabilities could lead to elevation of privilege or denial of service (CVE-2020-8672 and CVE-2019-14557) and information disclosure (CVE-2020-8671).
In addition, Intel has fixed a bug, CVE-2020-12302, in Intel Driver & Support Assistant that could lead to local escalation of privileges. Version 126.96.36.199 or later fixes the issue.