Intel® Converged Security Management Engine (Intel® CSME) Security Advisory: SA-00575
On February 8, 2022, Intel released information for security advisory INTEL-SA-00575. This information was released as part of Intel's regular product update process.
The security advisory discloses that a potential security vulnerability in the Intel® Active Management Technology (Intel® AMT) SDK, Intel® Setup
and Configuration Software (SCS) and Intel® Management Engine BIOS eXtensions (Intel® MEBx) may allow escalation of privilege.
Intel is releasing software and firmware updates to mitigate this potential vulnerability.
Refer to the public security advisory INTEL-SA-00575 for complete details on the Common Vulnerabilities and Exposures (CVEs) and Common Vulnerability Scoring System (CVSS) scores.
Affected products
Intel® AMT SDK before version 16.0.3.
Intel® SCS before version 12.2.
Intel® MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004.
Note | Firmware versions of Intel® AMT 2.x thru 10.x are no longer supported versions. There is no new general release planned for these versions. |
Recommendations:
Intel recommends updating the Intel® AMT SDK to version 16.0.3 or later.
Intel recommends updating the Intel® SCS to version 12.2 or transition to the latest version of Intel® Endpoint Management Assistant (Intel® EMA).
Intel recommends that users of the Intel® MEBx upgrade to versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 or later provided by the system manufacturer that addresses this issue.
Updates are available for download at these locations:
/content/www/us/en/developer/tools/active-management-technology-sdk/overview.html
/content/www/us/en/download/19449/intel-endpoint-management-assistant-intel-ema.html
Chipset/SOC or Processor | MEBx mitigated version or higher |
Intel® 500 Series Chipset | 15.0.0.0004 |
Intel® 500 Series Chipset | 15.0.0.0004 |
Intel® 400 Series Chipset | 14.0.0.0004 |
8th Gen Intel® Core™ processor Pentium® Gold processor series (G54XXU) Celeron® processor 4000 series |
12.0.0.0011 |
8th Gen Intel® Core™ processor | 11.0.0.0012 |
Intel® 300 Series Chipset | 12.0.0.0011 |
Intel® C240 series chipset | 12.0.0.0011 |
Intel® 200 series chipset Intel® 100 series chipset | 11.0.0.0012 |
Intel® C230 series chipset | 11.0.0.0012 |
Intel® 100 series chipset | 11.0.0.0012 |
Intel® C420 chipset | 11.0.0.0012 |
Intel® C620 series chipset | 11.0.0.0012 |
Note | Intel® Manageability Engine (Intel® ME) 3.x through 10.x firmware versions are no longer supported. There are no new releases planned for these versions. |
Recommendations
Contact your system or motherboard manufacturer to obtain a firmware or BIOS update that addresses this vulnerability. Intel cannot provide updates for systems or motherboards from other manufacturers.
Frequently Asked Questions
Click or the topic for details:
How do I mitigate these vulnerabilities?
Contact your system or motherboard manufacturer to obtain a firmware or BIOS update that addresses this vulnerability. Intel cannot provide updates for systems or motherboards from other manufacturers.What are the Vulnerability Descriptions, Common Vulnerabilities and Exposures (CVE) Numbers, and Common Vulnerability Scoring System (CVSS) information for the identified vulnerabilities associated with Intel® AMT and ISM?
See the INTEL-SA-00575 Security Advisory for full information on the CVEs associated with this announcement.How can I determine if I'm impacted by this vulnerability?
The Intel® Converged Security and Management Engine (Intel® CSME) Detection Tool can be run on any platform to assess if the platform is running the latest firmware version. The tool is available in Download Center.I have a system or motherboard manufactured by Intel (Intel® NUC, Intel® Mini PC) that is showing as vulnerable. What do I do?
Go to Intel Support and navigate to the support page for your product. You will be able to check for BIOS or firmware updates for your system.I built my computer from components, so I don't have a system manufacturer to contact. What do I do?
Contact the manufacturer of the motherboard you purchased to build your system. They are responsible for distributing the correct BIOS or firmware update for the motherboard.If you have additional questions on this issue, contact Intel Customer Support.