Intel Active Management Technology (AMT) Web UI Clickjacking Weakness (INTEL-SA-00081) (remote check)
Medium Nessus Plugin ID 101165
Synopsis
The management engine on the remote host is affected by a clickjacking weakness.
Description
The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and according to its self-reported version in the banner, it is running Intel manageability firmware version 9.0.x or 9.1.x prior to 188.8.131.520, 9.5.x prior to 184.108.40.2062, 10.0.x prior to 10.0.50.1004, 11.0.x prior to 220.127.116.115, or 11.6.x prior to 18.104.22.1689. It is, therefore, affected by a clickjacking weakness in the web user interface due to a failure to conceal hyperlinks beneath legitimate, clickable content using opaque overlays. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to make users perform unintended actions or to hijack users' web clicks.
Solution
Contact your system OEM for updated firmware per the vendor advisory.