I’ve seen plenty of Intel ME vulnerabilities and other security-related issues with the co-processor. However, most seem to be focusing on the extended ME features available on vPro CPUs, which allow complete remote control and function similarly to other out-of-band management systems.
In the following two situations, what can an attacker actually achieve using the ME?
A desktop machine with a standard, recent Intel CPU is connected to a trusted local network via the on-motherboard Ethernet NIC. Assume that the LAN is behind a NAT-enabled router, and that no ports are forwarded to the machine.
A laptop (also with a non-vPro processor), is connected to an untrusted wireless and/or wired Ethernet network (say at an office or coffee shop).
I have seen Intel Management Engine vulnerabilities in CPUs without vPro, but it seems to focus on one particular vulnerability that affected only vPro CPUs.
