HPE ProLiant ML10 Gen9 CVE-2017-5689 Remote Access Restriction Bypass Advisory

Critical Vulnerability Information Vulnerability Overview Document ID: HPESBHF03754 rev.1 Release Date: 2017-05-26 Potential Security Impact: Remote Access Restriction Bypass Source: Hewlett Packard Enterprise, HPE Product Security Response Team CVSS Scores CVSS v3.0 Score: 8.1 CVSS v2.0 Score: 6.2 Affected Products Model: HPE ProLiant ML10 Gen9 Server (including versions with specific Intel Xeon E3-1200 v5 processors) Vulnerability Details Description: A remote access restriction bypass vulnerability exists in HPE ML10 Gen9 servers equipped with Intel Xeon E3-1200 v5 processors. This vulnerability allows unauthorized network or local attackers to gain control over remote management features of Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) platforms. Related CVE: CVE-2017-5689 Remediation Upgrade Requirements: System ROM must be upgraded to the latest version, followed by ME firmware update. System ROM version must be 1.06 or higher. Upgrade Tools and Firmware Download Links: - BIOS 1.06 (Windows): Link - BIOS 1.06 (Linux 6): Link - BIOS 1.06 (Linux 7): Link - ME 11.6.27.3264 (Windows): Link - ME 11.6.27.3264 (UEFI): Link Additional Information History: First published on 2017-05-26 Third-Party Security Patches: It is recommended to install third-party security patches when running HPE software products, in accordance with the customer’s security management policy. Support and Reporting: For questions regarding implementation of the security bulletin, contact HPE through normal service support channels. For other questions about the bulletin content, contact security-alert@hpe.com This is a concise Markdown summary of critical vulnerability information extracted from a webpage screenshot.

Goal Reached Thanks to every supporter — we hit 100%!

HPE ProLiant ML10 Gen9 CVE-2017-5689 Remote Access Restriction Bypass Advisory