I don't see a QID for this. Is Qualys going to release something?
Intel® Product Security Center
Intel® Management Engine Critical Firmware Update (Intel SA-00086)
QID 38693 "Intel Active Management Technology Multiple Remote Code Execution Vulnerabilities" was released into production on 11/24/2017.
I am not seeing detections on this QID even though I have confirmed vulnerable workstations that have been tested with Intel's provided assessment tool.
I've seen quite a few QIDs using PANOS when it doesn't seem to apply, very confusing and frustrating.
Why does this QID have PANOS listed for Authentication? It's very confusing. Is this just a signature to check whether our FWs are vulnerable or not? I have used this QID to scan Servers and Workstations and I get no results when I know at least a few of them are vulnerable (according to the Intel Detection Tool).
I've asked Support to look at this.
Do any of you have a support case for this? If yes, please direct message it to me or email me at community-manager at Qualys, and I will escalate with Support. Thanks.
I have an open case on this.
Thank you! I escalated your case.
Be sure your firewall isn't blocking TCP ports 16992, 16993 -- both are required by the detection. I don't know whether this will solve everyone's issue, but it will solve it for at least one of the tickets filed.
I do not agree that we should open up the host firewall for proper detection. On Win10 the default firewall appears to have these ports blocked.
It's unfortunate that the agent does not pick this up. And since we do use the agent, we typically do not do remote scans. But our host FW does have a rule allowing our scanners through, so I will test this out on a few machines that we know are vulnerable.