CVE-2020-8747 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2020-8747?

CVE-2020-8747 has a CVSS score of 9.1 (CRITICAL). This vulnerability allows unauthenticated attackers to read memory outside intended boundaries in Intel AMT subsystems, potentially enabling information disclosure or denial of service. Affected systems include Intel AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, and 14.0.45.

📋 TL;DR

This vulnerability allows unauthenticated attackers to read memory outside intended boundaries in Intel AMT subsystems, potentially enabling information disclosure or denial of service. Affected systems include Intel AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, and 14.0.45.

💻 Affected Systems

Products:

Intel Active Management Technology (AMT)

Versions: Versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, and 14.0.45

Operating Systems: All operating systems with vulnerable Intel AMT firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Intel AMT firmware on systems with Intel vPro technology. Requires AMT to be enabled and accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attackers could leak sensitive memory contents including credentials, encryption keys, or system information, potentially leading to full system compromise.

🟠

Likely Case

Information disclosure of system memory contents and potential denial of service through system crashes.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to AMT interfaces.

🌐 Internet-Facing: HIGH - AMT interfaces are often exposed for remote management and the vulnerability requires only network access.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but requires network access to AMT management interfaces.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability requires network access to AMT interfaces but no authentication, making exploitation straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.8.80, 11.12.80, 11.22.80, 12.0.70, or 14.0.45 depending on platform

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391

Restart Required: Yes

Instructions:

1. Identify affected systems using Intel AMT. 2. Download appropriate firmware update from Intel. 3. Apply firmware update following Intel's instructions. 4. Reboot system to complete installation.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Intel AMT management interfaces

Configure firewall rules to block external access to AMT ports (typically 16992-16995, 623)

Disable AMT

all

Disable Intel AMT if not required

Access BIOS/UEFI settings and disable Intel AMT/Intel vPro features

🧯 If You Can't Patch

Implement strict network segmentation to isolate AMT interfaces from untrusted networks
Disable AMT functionality entirely if not required for business operations

🔍 How to Verify

Check if Vulnerable:

Check Intel AMT firmware version via Intel Management Engine Interface or system BIOS/UEFI

Check Version:

On Windows: wmic /namespace:\\root\Intel_ME_AMT path Intel_ME_System get Version

Verify Fix Applied:

Verify firmware version is updated to patched versions: 11.8.80, 11.12.80, 11.22.80, 12.0.70, or 14.0.45

📡 Detection & Monitoring

Log Indicators:

Unusual access attempts to AMT management ports
System crashes or instability related to AMT services

Network Indicators:

Traffic to AMT ports (16992-16995, 623) from unexpected sources
Unusual outbound traffic patterns after AMT access

SIEM Query:

source_port=16992 OR source_port=16993 OR source_port=16994 OR source_port=16995 OR source_port=623

📊 Metadata

CVE ID: CVE-2020-8747

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-125

Published: November 12, 2020

Last Updated: November 21, 2024

🔗 References

https://security.netapp.com/advisory/ntap-20201113-0003/ Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391 Vendor Advisory
https://security.netapp.com/advisory/ntap-20201113-0003/ Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-8747, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Active Management Technology Firmware by Intel

Active Management Technology Firmware by Intel

Active Management Technology Firmware by Intel

Active Management Technology Firmware by Intel

Active Management Technology Firmware by Intel

Cloud Backup by Netapp

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Disable AMT

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities