Vulnerabilites related to intel - r2000wf
Vulnerability from fkie_nvd
Published
2022-11-11 16:15
Modified
2025-02-05 16:15
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | s2600wf_firmware | * | |
| intel | s2600wf | - | |
| intel | r1000wf_firmware | * | |
| intel | r1000wf | - | |
| intel | r2000wf_firmware | * | |
| intel | r2000wf | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:s2600wf_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0E3FE8CE-4C6E-46C1-B170-417F750796D8", versionEndIncluding: "02.01.0014", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:s2600wf:-:*:*:*:*:*:*:*", matchCriteriaId: "27BE1FB4-58DA-4BE1-A3E8-6EE00C88AE46", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:r1000wf_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9EE973-A792-479A-B63F-E3F97B8990DE", versionEndIncluding: "02.01.0014", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:r1000wf:-:*:*:*:*:*:*:*", matchCriteriaId: "9D5E07CC-3948-4664-AE8E-0517D9D66211", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:intel:r2000wf_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E7AFE5E3-2121-48CD-B654-38CE5BF2E09C", versionEndIncluding: "02.01.0014", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:intel:r2000wf:-:*:*:*:*:*:*:*", matchCriteriaId: "6A81AAF3-6D8B-4758-A6C5-99E6B29A1760", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access.", }, { lang: "es", value: "La validación de entrada incorrecta en el firmware para algunas familias de Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF e Intel(R) Server System R2000WF anteriores a la versión R02.01.0014 puede permitir que un usuario privilegiado habilite potencialmente una escalada de privilegios a través del acceso local.", }, ], id: "CVE-2022-30542", lastModified: "2025-02-05T16:15:33.117", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 6, source: "secure@intel.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-11T16:15:14.613", references: [ { source: "secure@intel.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html", }, ], sourceIdentifier: "secure@intel.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
cve-2022-30542
Vulnerability from cvelistv5
Published
2022-11-11 15:48
Modified
2025-02-05 15:26
Severity ?
EPSS score ?
Summary
Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families |
Version: before version R02.01.0014 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:48:36.421Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html", tags: [ "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-30542", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T20:40:47.572106Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-05T15:26:46.640Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families", vendor: "n/a", versions: [ { status: "affected", version: "before version R02.01.0014", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation in the firmware for some Intel(R) Server Board S2600WF, Intel(R) Server System R1000WF and Intel(R) Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "escalation of privilege", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-14T17:46:25.524Z", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00708.html", }, ], }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2022-30542", datePublished: "2022-11-11T15:48:55.893Z", dateReserved: "2022-06-09T05:41:11.417Z", dateUpdated: "2025-02-05T15:26:46.640Z", requesterUserId: "18e72eb2-8568-4e08-88e2-81b49c53dae3", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }