We've had some inquiries about checks for CVE-2017-5689, a vulnerability affecting Intel AMT devices. On May 5th, 2017, we released a potential vulnerability check that can help identify assets that may be vulnerable. We initially ran into issues with trying to determine the exact version of the firmware remotely, and so a potential check was released so that you would still be able to identify devices that may be impacted by this.
We didn't stop there though. As part of yesterday's Nexpose release, we issued an updated vulnerability check that is a remote direct condition test that will definitively identify the issue if it is present. Detection of this vulnerability does not require authentication to the asset.
Please note, you will have to modify your scan template to include a couple of extra TCP ports: 16992 and 16993. To learn more about how to configure your scan template see this help page for details. Happy Hunting!
UPDATE - May 12th, 2017: On Wednesday, May 10th, we also added an unauthenticated scanner in Metasploit to check for vulnerable systems in a network, gathering metadata such as firmware version, serial number, vendor, and model number.
Related blog posts
Vulnerabilities and Exploits
CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation
Douglas McKee, Director, Vulnerability Intelligence
Vulnerabilities and Exploits
CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)
Stephen Fewer
Vulnerabilities and Exploits
Authenticated RCE via Argument Injection in Gogs (NOT FIXED)
Jonah Burgess
Vulnerabilities and Exploits
CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)
Jonah Burgess, Stephen Fewer