CVE-2022-30944

Vulnerability

The vulnerability exists in Intel(R) Active Management Technology (AMT) and Intel(R) Standard Manageability (ISM) firmware. Affected versions include various Intel(R) AMT and ISM builds prior to the firmware updates released in August 2022. The issue stems from insufficiently protected credentials, meaning the firmware did not adequately safeguard authentication tokens or secrets stored in its memory or accessible via management interfaces. A privileged user—one with administrative or system-level access on the host operating system—can exploit this gap.

Exploitation

An attacker must have local access to the system and possess high privileges (e.g., root or Administrator rights). The exploitation sequence involves using those privileges to read the firmware’s credential store or intercept credential data that was inadvertently exposed. Intel's advisory states that the attack vector is local, requiring the attacker to already be in a privileged position on the machine. No network-based exploitation is possible, and no user interaction beyond the attacker’s own actions is required.

Impact

Successful exploitation allows the attacker to disclose credentials that are stored or transmitted by Intel(R) AMT/ISM. This information disclosure could include management passwords, secrets, or tokens, potentially enabling further compromise of the management subsystem. The privilege level achieved is that of an authenticated Intel(R) AMT/ISM administrator (i.e., the attacker can use the exposed credentials to gain full control of the management engine). The scope of impact is limited to the local machine’s management engine; however, if the management credentials are reused across the network, the impact could be broader.

Mitigation

Intel released firmware updates to address this vulnerability as part of Intel-SA-00709, dated August 2022. Affected users should update their Intel(R) AMT and Intel(R) Standard Manageability firmware to the latest available versions provided by their system or motherboard vendor. Intel recommends following the guidance in the advisory [1]. No workaround is available other than applying the fix. The CVE is not listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog as of the publication date.