Avamar: CVE-2017-5689 on Avamar Data Store
Summary: CVE-2017-5689 is reported on Avamar Data Store nodes.
Symptoms
A vulnerability in Intel Active Management Technology (AMT) was discovered and published as CVE-2017-5689 on May 02, 2017.
An unprivileged network attacker could gain system privileges to provisioned Intel manageability Stock Keeping Units (SKUs): Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
Cause
Security scanners are unable to check all components.
Resolution
The following conditions must be met for the system to be vulnerable:
- vPro® Technology in the CPU
- Management Engine (ME) Interface in the support chips (Management Engine Interface (MEI) or Host-Embedded Controller Interface (HECI) devices should be present in the output of lspci)
- Active Management Technology (AMT) management firmware (has a BIOS splash screen)
- Network interface
While the Intel Xeon processors used in Avamar Data Store Gen4, Gen4s and Gen4T are equipped with vPro® Technology, there is no Management Engine (ME) interface or Active Management Technology (AMT) management firmware on any of the Avamar nodes. Management is handled by the Baseboard Management Controller (BMC) using the Intelligent Platform Management Interface (IPMI). This means the Avamar Data Store nodes are not vulnerable to CVE-2017-5689.
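To confirm the MEI/HECI condition on a node, the shell check below (an added example, not vendor code) looks for those names as whole words in lspci output, so that unrelated device names containing the same letters are not counted. The sample lspci lines, the function names and the --live switch are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Checks only the "MEI/HECI device in lspci"
# condition; the other listed conditions still have to be verified separately.

# Constructed sample: lspci-style lines from a host that exposes an ME interface.
SAMPLE_WITH_ME='00:00.0 Host bridge: Intel Corporation Example Host Bridge
00:16.0 Communication controller: Intel Corporation Example Chipset MEI Controller #1 (rev 04)
00:19.0 Ethernet controller: Intel Corporation Example Gigabit Network Connection'

# Constructed sample: no ME interface. "Meilhaus" contains the letters "mei"
# and would be a false positive for a plain substring grep.
SAMPLE_WITHOUT_ME='00:00.0 Host bridge: Intel Corporation Example Host Bridge
03:00.0 Ethernet controller: Intel Corporation Example Gigabit Network Connection
05:00.0 Signal processing controller: Meilhaus Electronic Example Card'

# Print the lspci lines on stdin that name MEI or HECI as a whole word.
me_interface_lines() {
    grep -i -E '(^|[^[:alnum:]_])(MEI|HECI)([^[:alnum:]_]|$)' || true
}

# Echo "present" or "absent" for the lspci text passed as $1.
me_interface_status() {
    if [ -n "$(printf '%s\n' "$1" | me_interface_lines)" ]; then
        echo present
    else
        echo absent
    fi
}

# Live check: run with --live on the node itself (requires lspci from pciutils).
if [ "${1:-}" = "--live" ]; then
    live=$(lspci) || { echo "lspci failed or is not installed" >&2; exit 2; }
    printf '%s\n' "$live" | me_interface_lines
    echo "ME interface (MEI/HECI): $(me_interface_status "$live")"
fi
```

A result of "absent" matches the statement above that the nodes have no ME interface; "present" means only that this one condition is met, not that the system is vulnerable.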