(In)Security Management Engine

   The out of band management system bundled on almost all Intel processors has become a hot target for attackers in recent years. This is because it runs alongside the main processor and has virtually unrestricted access to all the hardware in the machine. As long as the machine has power the management engine is sitting there silently waiting for commands from a system administrator with access to it. While this feature can be a huge help for administrators managing a large number of machines it also presents an extremely attractive attack point.

    Intel provides a number of different subsystems under the Converged Security and Management Engine (CSME). The management engine is the specific firmware for mainstream chips, they also provide Server Platform Services (SPS) for server hardware and the Trusted Execution Engine (TXE) for tablets and other low power devices. Security researchers have been skeptical of the CSME for years due to it being closed source, having full access to the hardware, and its inability to be disabled. Several vulnerabilities have been found in the system by various researchers in the past. It’s time to make sure your systems are up to date as Intel just released a bug advisory with 77 found vulnerabilities, including one listed as critical.
    The most critical vulnerability found (CVE-2019-0169) is a heap overflow bug that could allow an unauthenticated attacker to take over a target system or cause a denial of service. Other high security bugs were found as well including cross site scripting, insufficient access control, and privilege escalation. For most of the attacks the only requirement is that the target machine is on the same network as the attacker. While many of the vulnerabilities allow an already privileged user to escalate their privileges, some of them require no prior authorization. By chaining these types of vulnerabilities together it would be possible for someone to go from having no access to having full privileges on the machine.
    Most of the vulnerabilities were found by Intel itself as part of an internal audit designed to harden the CSME system. 10 of the vulnerabilities came from independent researchers who reported the bugs to Intel. As always, it is important to make sure your systems are up to date, especially if public facing or used on untrusted networks. The required patches are typically bundled in your operating systems update mechanism such as processor micro code updates. Depending on your specific hardware and software setup you may have to acquire and run the updates manually.

Sources

 • https://threatpost.ccom/intel-critical-info-disclosure-bug-securityengine/150124/

https://blogs.intel.com/technology/2019/11/ipas-november-2019-intelplatform-update-ipu/11