How to check whether AMT is enabled and provisioned under Linux

How do I check whether Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM) enabled or disabled under Linux using command line for CVE-2017-5689 vulnerability?

The CVE-2017-5689 vulnerability defined as:

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

You can find out whether AMT is enabled and provisioned under Linux using the following methods.

Method #1: mei-amt-check tool

Use mei-amt-check tool. It is a simple tool that tells you whether AMT is enabled and provisioned on Linux systems. Requires that the mei_me driver (part of the upstream kernel) be loaded.


Clone repo using git command:
$ git clone
Sample outputs:

Cloning into 'mei-amt-check'...
remote: Counting objects: 15, done.
remote: Compressing objects: 100% (10/10), done.
remote: Total 15 (delta 5), reused 15 (delta 5), pack-reused 0
Unpacking objects: 100% (15/15), done.

To build it, run:
$ cd mei-amt-check
$ make
$ ls

LICENSE  Makefile  mei-amt-check  mei-amt-check.c

Test it

Just type the following command:
$ sudo ./mei-amt-check
Sample outputs:

Fig.01: Intel AMT ENABLED

The above output indicate that AMT is enabled and it is not vulnerable to CVE-2017-5689.

If run on a Linux system with no AMT, output will look like:


If AMT is enabled and provisioned, output will look like:

Fig.02: AMT enabled with Linux driver loaded

If AMT is enabled and provisioned and the AMT version is between 6.0 and 11.2, and you have not upgraded your firmware, you are vulnerable to CVE-2017-5689. Disable AMT in your system firmware.

Method #2: Use nmap

Download a script as follows using wget command or curl command:
$ wget
Run nmap command as follows to test
$ nmap -p 16992 --script http-vuln-cve2017-5689
Sample outputs:

Starting Nmap 7.40 ( ) at 2017-05-14 22:39 IST
Nmap scan report for dellm6700 (
Host is up (0.00041s latency).
16992/tcp filtered amt-soap-http

Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds

Make sure you update your BIOS to fix issue.


Posted by: SXI ADMIN

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.


How to KVM, QEMU start or stop virtual machine from command line (CLI)

KVM or Kernel Based Virtual Machine is a popular virtualization technology. It allows you to run virtual guest machines over a host machine. To start...

How to Docker backup Saving and restoring your volumes

Running a Docker volume backup First, we spin up a temporary container, and we mount the backup folder and the target Docker volume to this container....

How to Start and Enable Firewalld on CentOS 7

In this article, we discuss how to start and enable firewalld. It is highly recommended that you have a firewall protecting your server.Pre-Flight CheckThese...