It's been since 2017 when the "Intel Internal Management Engine" blew up on the Internet, as described in this article, which states:
Since I acquired this laptop long after that bru-haha, I downloaded the tool from here and used it to see if my HP 17-cn1xxx was vulnerable.
$ sudo python3 intel_csme_version_detection_tool
[sudo] password for jerry:
Intel(R) CSME Version Detection Tool
Copyright(C) 2017-2023, Intel Corporation, All rights reserved.
Application Version: 9.0.1.0
Scan date: 2023-09-16 22:56:53 GMT
*** Host Computer Information ***
Name: GreyGeek
Manufacturer: HP
Model: HP Laptop 17-cn1xxx
Processor Name: 11th Gen Intel(R) Core(TM) i5-1155G7 @ 2.50GHz
OS Version: Debian GNU/Linux 12 (bookworm) (6.4.0-0.deb12.2-amd64)
*** Intel(R) ME Information ***
Engine: Intel(R) Converged Security and Management Engine
Version: 15.0.30.1776
*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
The detected version of the Intel(R) Converged Security and Management Engine firmware has a vulnerability listed in one or more of the public Security Advisories.
Contact your system manufacturer for support and remediation of this system.
For more information refer to the Intel(R) CSME Version Detection Tool User Guide or the related Intel Security Advisory list at:
https://www.intel.com/content/www/us...hnologies.htm;
These ME security holes impact millions of computers. This is a powerful tool that allows admins to remotely run computers, even when the device is not booted. Let me repeat that: If your PC has power, even if it's not running, it can be attacked. If an attacker successfully exploits these holes, the attacker can run malware that's totally invisible to the operating system.
Most, but not all, of ME's vulnerabilities require physical access for someone to exploit.
Most, but not all, of ME's vulnerabilities require physical access for someone to exploit.
$ sudo python3 intel_csme_version_detection_tool
[sudo] password for jerry:
Intel(R) CSME Version Detection Tool
Copyright(C) 2017-2023, Intel Corporation, All rights reserved.
Application Version: 9.0.1.0
Scan date: 2023-09-16 22:56:53 GMT
*** Host Computer Information ***
Name: GreyGeek
Manufacturer: HP
Model: HP Laptop 17-cn1xxx
Processor Name: 11th Gen Intel(R) Core(TM) i5-1155G7 @ 2.50GHz
OS Version: Debian GNU/Linux 12 (bookworm) (6.4.0-0.deb12.2-amd64)
*** Intel(R) ME Information ***
Engine: Intel(R) Converged Security and Management Engine
Version: 15.0.30.1776
*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
The detected version of the Intel(R) Converged Security and Management Engine firmware has a vulnerability listed in one or more of the public Security Advisories.
Contact your system manufacturer for support and remediation of this system.
For more information refer to the Intel(R) CSME Version Detection Tool User Guide or the related Intel Security Advisory list at:
https://www.intel.com/content/www/us...hnologies.htm;