Why Intel will never let owners control the ME – Info Linux
Things are even worse with CVE-2018-3628, which is described in advisory SA-00112. This vulnerability enables full-blown remote code execution in the AMT process of the Management Engine. Moreover, all signs indicate that—unlike CVE-2017-5712 in advisory SA-00086—attackers do not need an AMT administrator account.
What could possibly go wrong ?
Article Prepared by Ollala Corp