Hewlett Packard Enterprise Product Security Vulnerability Alerts
Intel AMT Escalation of Privilege Vulnerability (CVE-2017-5689)
Version 3.0 : Last Updated: June 5th, 2017
This website is updated frequently, as new product information becomes available.
On May 1st, 2017, Intel disclosed a new vulnerability with their Intel Manageability Firmware which is utilized on some systems containing Intel processors. This vulnerability allows an unprivileged network or local attacker to gain control of the remote manageability features of Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) platforms. This vulnerability affects Intel’s AMT firmware and the products identified as “not impacted” do not use AMT firmware.
Additional information about this vulnerability is available at the NIST website (CVE-2017-5689).
- Information provided by Intel is available below:
- Intel Security Advisory (INTEL-SA-00075)
- Intel Mitigation Guide
- Intel Detection Guide and Discovery Tool
Usage Instructions and Definitions for CVE Vulnerability Information |
|
Data |
Definition |
Product Family |
High-level product
description. |
Product Name |
Detailed product
description. |
CVE-XXXX |
Indicates whether
the specific product is affected by the cited vulnerability. |
(Impacted Y/N) |
|
If Impacted |
Information
regarding how to address a vulnerability. |
Mitigation Info |
|
Link to Security Bulletin |
Link to HPE's
Security Bulletin |
Use the following table to find vulnerability information.
(impacted Y/N) |
If Impacted - Mitigation |
Link(s) to security bulletin (PSRT or Vendor) |
|
ProLiant ML10 Gen9 Server |
Yes |
Update server firmware as described in the Security Bulletin
|
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03754en_us
|
Edgeline EL20 Intelligent Gateway Series |
Yes |
Under investigation |
|
Simplivity |
Under
Investigation |
|
|
XP Storage |
No
|
|
|
Hyper Converged |
No |
|
|
3PAR |
No |
|
|
StoreVirtual (P4000) |
No |
|
|
StoreEasy |
No |
|
|
StoreOnce |
No |
|
|
MSA Storage |
No |
|
|
ProLiant Servers (running HPE ProLiant System ROM
and HPE iLO firmware) |
No |
|
|
Synergy Frame Link Module (FLM) |
No |
|
|
Synergy Compute Modules |
No |
|
|
Synergy Image Streamer |
No |
|
|
Synergy Composer |
No |
|
|
Onboard Administrator (OA) |
No |
|
|
Virtual Connect |
No |
|
|
EXL Mission Critical Servers |
No |
|
|
HPE Edgeline EL10 Intelligent Gateway Series |
No |
|
|
HPE Edgeline Chasiss (EL1000 and EL4000) |
No |
|
|
HPE ProLiant Server Cartridges (M710x and M510) |
No |
|
|
Cloudline |
No |
|
|
Converged System 700, 300, 200 |
No |
|
|
Networking (H3C Network, HPE Network, Network
Security, Aruba Network) |
No |
|
|
Converged System 700, 300, 200 |
No |
|
|
NonStop |
No |
|
|
Enterprise Secure Key Manager (ESKM) |
No |
||
Atalla Ax160 HSM |
No |
|
|