Intel-SA-00086 Security Review Cumulative Update
Summary
Intel recently released a security update (Intel-SA-00086) regarding Intel ME 11.x, SPS 4.0, and TXE 3.0 products.
The following firmware versions are impacted:
Intel® Management Engine (ME) Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20
Intel® Server Platform Services (SPS) Firmware version 4.0
Intel® Trusted Execution Engine (TXE) version 3.0
And the following Intel products are affected:
6th, 7th & 8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor W Family
Intel® Atom® C3000 Processor Family
Apollo Lake Intel® Atom Processor E3900 series
Apollo Lake Intel® Pentium™
Celeron™ N and J series Processors
An attacker could gain unauthorized access to the platform, the Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), the Intel® Server Platform Service (SPS), or the Intel® Trusted Execution Engine (TXE).
This includes scenarios where a successful attacker could impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity. Concrete impact may be "load and execute arbitrary code outside the visibility of the user and operating system", or "system crash or system instability".
The assigned CVEs are:
Intel® Manageability Engine Firmware 11.0.x.x/11.5.x.x/11.6.x.x/11.7.x.x/11.10.x.x/11.20.x.x
CVE-2017-5705
CVE-2017-5708
CVE-2017-5711
CVE-2017-5712
Intel Manageability Engine Firmware 8.x/9.x/10.x
CVE-2017-5711
CVE-2017-5712
Server Platform Service 4.0.x.x
CVE-2017-5706
CVE-2017-5709
Intel Trusted Execution Engine 3.0.x.x
CVE-2017-5707
CVE-2017-5710
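The firmware-family-to-CVE grouping above can be applied to an asset inventory for triage. The following is an added example, not part of the original advisory: the `host,component,version` inventory format, the function names and the sample rows are assumptions made for illustration.

```python
import re

# Firmware families and CVE groups as listed in the advisory text above.
# Key: (component, major, minor); minor None means any minor (8.x/9.x/10.x).
ME_11 = ["CVE-2017-5705", "CVE-2017-5708", "CVE-2017-5711", "CVE-2017-5712"]
ME_LEGACY = ["CVE-2017-5711", "CVE-2017-5712"]
FAMILIES = {("SPS", 4, 0): ["CVE-2017-5706", "CVE-2017-5709"],
            ("TXE", 3, 0): ["CVE-2017-5707", "CVE-2017-5710"]}
FAMILIES.update({("ME", 11, m): ME_11 for m in (0, 5, 6, 7, 10, 20)})
FAMILIES.update({("ME", M, None): ME_LEGACY for M in (8, 9, 10)})

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def cves_for(component, version):
    """CVE list for a listed family, [] if not listed, None if unparseable."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    comp, major, minor = component.strip().upper(), int(m.group(1)), int(m.group(2))
    # Compare numeric fields, not string prefixes: 11.1 must not match 11.10.
    return FAMILIES.get((comp, major, minor)) or FAMILIES.get((comp, major, None)) or []

def triage(inventory_text):
    """Turn 'host,component,version' lines into (host, status, cves) tuples."""
    rows = []
    for line in inventory_text.strip().splitlines():
        parts = [p.strip() for p in line.split(",")]
        cves = cves_for(parts[1], parts[2]) if len(parts) == 3 else None
        if cves is None:
            rows.append((parts[0], "needs-manual-review", []))
        else:
            # The page gives no fixed build numbers, so a match means "in a
            # listed family", not "confirmed unpatched".
            rows.append((parts[0], "listed-family" if cves else "not-listed", cves))
    return rows

# Constructed sample inventory: hostnames and build numbers are made up.
SAMPLE = """
ws-01,ME,11.6.0.1000
ws-02,ME,11.10.0.1287
ws-03,ME,11.1.0.1000
srv-01,SPS,4.0.4.288
old-01,ME,9.1.45.3000
kiosk-1,TXE,unknown
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```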
Affected Products
FortiGate models FGT-500E and FGT-501E are affected, but not exploitable under regular functioning conditions (see Solutions below).
FortiWeb model FWB-1000E has a processor running a firmware affected by the issue, but the vulnerable functions were never enabled.
The following products are NOT impacted:
FortiAP
FortiSwitch
FortiAnalyzer
FortiMail
FortiManager