Support Center > Search Results > SecureKnowledge Details
Check Point response to CVE-2017-5705 ... CVE-2017-5712 (multiple vulnerabilities in Intel ME and TE)
Symptoms
  • Multiple flaws in Intel ME and Intel TE allows local code execution and privilege escalation.
  • More information regarding the vulnerabilities can be found here.
Solution

Check Point products are not vulnerable to the below CVEs. Check Point platforms do not use those versions of ME, SPS, and TXE.

The platforms were checked with BIOS vendor source code and it was confirmed that they are not affected.


Here is a detailed table of all those CVEs:

 

CVE ID CVE Title
CVE-2017-5705 Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.
CVE-2017-5706 Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.
CVE-2017-5707 Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.
CVE-2017-5708 Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.
CVE-2017-5709 Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.
CVE-2017-5710 Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector.
CVE-2017-5711 Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
CVE-2017-5712 Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment