The VMware Carbon Black Tech Zone is live! Checkout this great resource: Mastering Carbon Black Audit & Remediation.

Determine CVE-2020-0594 Vulnerability Status

Description: This query discovers the Intel Management Engine (IME) version, and cross-references it against a known fix version of the IME within BIOS. 

What The Data Shows: The Current IME version within BIOS, if the device is/is NOT vulnerable, the platform/hardware model, and the current BIOS Version of that endpoint

SQL: 

WITH
B1 AS
(select 1 as one, version as 'IME_VERSION',
CASE
WHEN Version like '11.8%' AND Version >= '11.8.77' THEN 'NOT Vulnerable'
WHEN Version like '11.12%' AND Version >= '11.12.77' THEN 'NOT Vulnerable'
WHEN Version like '11.22%' AND Version >= '11.22.77' THEN 'NOT Vulnerable'
WHEN Version like '12.0%' AND Version >= '12.0.64' THEN 'NOT Vulnerable'
ELSE 'Vulnerable to CVE-2020-0594'
END 'CVE_STATUS'
from intel_me_info),
B2 AS
(SELECT HARDWARE_MODEL, 1 AS one FROM system_info),
B3 AS
(SELECT VERSION, 1 as one from platform_info)
SELECT
B1.IME_VERSION,
B1.CVE_STATUS,
B2.HARDWARE_MODEL,
B3.VERSION
FROM b1
JOIN b2 USING(one)
JOIN b3 USING(one);

> Requirement: Please test all submissions using Live Query or Osquery before posting.

 

1 Comment
jnelson
Carbon Black Employee
Status changed to: Approved