Intel ME has a Manufacturing Mode designed to be used exclusively by motherboard manufacturers. This mode provides some additional opportunities that an attacker can take advantage of. When Manufacturing Mode is enabled, Intel ME allows execution of the command which makes the ME region writable via the SPI controller built into the motherboard. The ability to run code and send commands to Intel ME on the attacked system allows the attacker to rewrite the Intel ME firmware onto another version. So the attacker is able to deploy the firmware which is vulnerable to INTEL-SA-00086 and execute arbitrary code on Intel ME even if the system is patched. This archive contains Python 2.7 scripts for checking the state of the Intel ME Manufacturing Mode.
235b70227bc92b3231532b82cf626382fd758eae4bb791331c523d42092038baProof of concept exploit that demonstrates a buffer overflow vulnerability in the Intel Management Engine as described in INTEL-SA-00086.
c02278512d883fa36838e5c564099cc4c6de0ef89e106b3e633e796c817b0fda
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed