Hewlett Packard Enterprise Product Security Vulnerability Alerts
Intel Management Engine (ME) and Server Platform Services (SPS) Firmware Security Vulnerability (CVE-2017-5706/CVE-2017-5709)
Version 2.0 : Last Updated: November 29th, 2017
This website is updated frequently, as new product information becomes available.
Recently, one of our suppliers, Intel, discovered a potential security vulnerability in their Server Platform Services (SPS) firmware. The security vulnerability affected several of their processor architectures; however, not all of the impacted Intel server processor architectures are used in HPE products. Specifically, the SPS/ME firmware used in Intel’s architecture can be compromised using physical access. As a result, non-authenticated code may be executed in the SPS environment outside of the visibility of the user and operating system administrator.
These vulnerabilities are not unique to HPE servers and will affect any systems using Intel’s identified processor architectures with impacted firmware revisions.
Usage Instructions and Definitions for CVE Vulnerability Information |
|
Data |
Definition |
Product Family |
High-level product description. |
Product Name |
Detailed product description. |
CVE-XXXX |
Indicates whether the specific product is affected by the cited vulnerability. |
(Impacted Y/N) |
|
Impacted |
Indicates whether the specific product is directly affected by the cited vulnerability or is indirectly affected due to a dependence on a separate, embedded or associated product. |
Direct/Indirect |
|
If Impacted |
Information regarding how to address a vulnerability. |
Mitigation Info |
|
Notes |
Miscellaneous information regarding the vulnerability. |
Link to Security Bulletin |
Link to HPE's Security Bulletin |
Use the following table to find vulnerability information.