Intel AMT SDK/EMA/MC Privilege Escalation Vulnerability (CVE-2022-26341) Advisory

Below is the key information summary for this vulnerability: ID: INTEL-SA-00680 Advisory Category: Software Impact of vulnerability: Escalation of Privilege Severity rating: HIGH Original release: 11/08/2022 Last revised: 11/30/2022 Summary A potential security vulnerability in the Intel® Active Management Technology (AMT) SDK, Intel® Endpoint Management Assistant (EMA), and Intel® Manageability Commander (MC) may allow privilege escalation. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details CVEID: CVE-2022-26341 Description: Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1, and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable privilege escalation via network access. CVSS Base Score: 8.2 High CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N Affected Products: Intel® AMT SDK before version 16.0.4.1. Intel® EMA before version 1.7.1. Intel® MC before version 2.3.2. Recommendations: Update Intel® AMT SDK to version 16.0.4.1. Update Intel® EMA to version 1.7.1. Update Intel® MC to version 2.3.2 or later. Intel® EMA: Download link Intel® MC: Download link Acknowledgements: This issue was found internally by Intel employees. Intel would like to thank Yossef Kuszer.

Goal Reached Thanks to every supporter — we hit 100%!

Intel AMT SDK/EMA/MC Privilege Escalation Vulnerability (CVE-2022-26341) Advisory