PSIRT Advisory

Intel-SA-00086 Security Review Cumulative Update

Summary

Intel recently released a security update (Intel-SA-00086) for Intel ME 11.x, SPS 4.0, and TXE 3.0 products.

The following firmware versions are impacted:
Intel Management Engine (ME) Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20
Intel Server Platform Services (SPS) Firmware version 4.0
Intel Trusted Execution Engine (TXE) version 3.0

The following Intel products are affected:
6th, 7th & 8th Generation Intel Core Processor Family
Intel Xeon Processor E3-1200 v5 & v6 Product Family
Intel Xeon Processor Scalable Family
Intel Xeon Processor W Family
Intel Atom C3000 Processor Family
Apollo Lake Intel Atom Processor E3900 series
Apollo Lake Intel Pentium
Celeron N and J series Processors

An attacker could gain unauthorized access to the platform, the Intel ME feature, and 3rd party secrets protected by the Intel Management Engine (ME), the Intel Server Platform Service (SPS), or the Intel Trusted Execution Engine (TXE).

This includes scenarios where a successful attacker could impersonate the ME/SPS/TXE, thereby undermining the validity of local security feature attestation. Concrete impacts include loading and executing arbitrary code outside the visibility of the user and operating system, or causing a system crash or system instability.

The assigned CVEs are:

Intel Manageability Engine Firmware 11.0.x.x/11.5.x.x/11.6.x.x/11.7.x.x/11.10.x.x/11.20.x.x
CVE-2017-5705
CVE-2017-5708
CVE-2017-5711
CVE-2017-5712

Intel Manageability Engine Firmware 8.x/9.x/10.x
CVE-2017-5711
CVE-2017-5712

Server Platform Service 4.0.x.x
CVE-2017-5706
CVE-2017-5709

Intel Trusted Execution Engine 3.0.x.x
CVE-2017-5707
CVE-2017-5710
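
As a defender-side triage aid, the following is an added example (not code from this advisory, from Fortinet or from Intel) that maps a reported ME/SPS/TXE firmware version to the CVE group listed above for its firmware family; the host names and version numbers in the sample inventory are constructed.

```python
# Added example: match a firmware version against the families listed above.
ME_11_CVES = ["CVE-2017-5705", "CVE-2017-5708", "CVE-2017-5711", "CVE-2017-5712"]
ME_LEGACY_CVES = ["CVE-2017-5711", "CVE-2017-5712"]   # ME 8.x / 9.x / 10.x
SPS_CVES = ["CVE-2017-5706", "CVE-2017-5709"]         # SPS 4.0.x.x
TXE_CVES = ["CVE-2017-5707", "CVE-2017-5710"]         # TXE 3.0.x.x
ME_11_MINORS = {0, 5, 6, 7, 10, 20}                   # 11.8 is not listed

def parse_version(text: str) -> tuple[int, ...]:
    """Turn '11.6.27.3264' into (11, 6, 27, 3264); reject non-numeric input."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def applicable_cves(component: str, version: str) -> list[str]:
    """CVEs the advisory lists for this component's firmware family, else []."""
    v = parse_version(version)
    major, minor = v[0], (v[1] if len(v) > 1 else 0)
    # Compare numeric fields, not string prefixes: "11.2" is not "11.20".
    if component == "ME":
        if major == 11 and minor in ME_11_MINORS:
            return list(ME_11_CVES)
        if major in (8, 9, 10):
            return list(ME_LEGACY_CVES)
    elif component == "SPS" and (major, minor) == (4, 0):
        return list(SPS_CVES)
    elif component == "TXE" and (major, minor) == (3, 0):
        return list(TXE_CVES)
    return []

def triage(inventory: list[tuple[str, str, str]]) -> dict[str, list[str]]:
    """host -> CVEs for each (host, component, version) in a listed family.
    A hit means the family is listed as impacted; whether a given build already
    carries Intel's fix must be checked against Intel's fixed-version list."""
    findings: dict[str, list[str]] = {}
    for host, component, version in inventory:
        cves = applicable_cves(component, version)
        if cves:
            findings[host] = cves
    return findings

# Constructed sample inventory (hosts and version numbers are made up).
SAMPLE_INVENTORY = [
    ("fw-a", "ME", "11.6.27.3264"),  # ME 11.6 family: listed
    ("fw-b", "ME", "11.8.1.100"),    # ME 11.8: not listed by the advisory
    ("fw-c", "ME", "11.2.0.1"),      # not 11.20; numeric compare keeps it out
    ("fw-d", "ME", "9.1.40.1000"),   # ME 9.x: two of the four CVEs
    ("fw-e", "SPS", "4.0.2.50"),     # SPS 4.0 family: listed
]
```

Run `triage(SAMPLE_INVENTORY)` to get the hosts whose firmware family is listed; a hit is a prompt to verify the build against Intel's fixed-version list, not proof that the build is unpatched.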

Impact

Privilege Escalation

Affected Products

FortiGate model FGT-500E, FGT-501E
FortiWeb model FWB-1000E

The following products are NOT impacted:
FortiAP
FortiSwitch
FortiAnalyzer
FortiMail
FortiManager

Solutions

The affected models, FortiGate 500E, FortiGate 501E and FortiWeb 1000E, are undergoing a production firmware upgrade process. Refer to your local TAC for the firmware upgrade progress of these three models and for further assistance.

Note that all related CVEs are privilege escalation vulnerabilities. Arbitrary code execution on the aforementioned products is therefore only possible if the attack is combined with a local or remote code execution vulnerability in the affected products (unrelated to the Intel issues). The Intel CVEs only aggravate the situation if such a vulnerability exists.

Based on the above, the impact on Fortinet products is low to nonexistent.