Is Netreo vulnerable to the Intel AMT/ISM exploit?

In May 2017, security vulnerability CVE-2017-5689 was disclosed that affects Intel-based hardware systems running Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

Exploiting this vulnerability means that an unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on affected systems.

Although some versions of the Netreo hardware appliance use Intel processors, Netreo is not vulnerable to this exploit. Netreo appliances shipped in the last 5 years use processors and firmware that are not affected by this problem.

Netreo appliances installed as Virtual Appliances are not specifically affected as the issue in question only occurs at the hardware level. However, Netreo recommends that customers using Intel-based hardware in their virtualization environment check their hardware platforms to make sure that they are not affected by this vulnerability using the resources provided by Intel here.

If you have any concerns, please feel free to contact Netreo Support.