cvelistv5 - CVE-2024-28947

CVE-2024-28947 (GCVE-0-2024-28947)

Vulnerability from cvelistv5

Published

2024-08-14 13:45

Modified

2024-08-22 03:55

Severity ?

7.1 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

escalation of privilege
CWE-20 - Improper input validation

Summary

Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access.

References

URL

	Vendor	Product	Version
	n/a	Intel(R) Server Board S2600ST Family firmware	Version: before version 02.01.0017

CERTFR-2024-AVI-0679

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Intel	N/A	Intel ISH software for 11th Generation Intel Core Processor Family versions antérieures à 5.4.1.4479
Intel	N/A	Intel ISH software for Intel NUC M15 Laptop Kits LAPBC710 and LAPBC510 versions antérieures à 5.4.1.4479
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgLnx software versions antérieures à 5.05.04.0008
Intel	N/A	Intel Advisor software versions antérieures à 2024.1
Intel	N/A	LAPAC71G and LAPAC71H versions antérieures à 0065
Intel	N/A	Intel Trace Analyzer and Collector versions antérieures à 2022.1
Intel	N/A	Intel oneAPI Base Toolkits versions antérieures à 2024.1
Intel	N/A	Intel(R) Ethernet Controllers E800 Series with NVM image versions 4.4
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEditLnx software versions antérieures à 5.27.06.0019
Intel	N/A	Intel Quartus Prime Pro Edition Design software versions antérieures à 23.4
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEdit-Win software versions antérieures à 5.27.03.0006
Intel	N/A	Intel Distribution pour Python pour Windows versions antérieures à 2024.1
Intel	N/A	Intel MPI Library versions antérieures à 2021.12
Intel	N/A	Intel MAS (GUI) versions antérieures à 2.5.0
Intel	N/A	Intel Simics Package Manager software versions antérieures à 1.8.3.
Intel	N/A	Intel Fortran Compiler versions antérieures à 2024.1
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgWin software versions antérieures à 5.05.04.0008
Intel	N/A	Intel Agilex FPGA 7 FPGA firmware versions antérieures à 24.1
Intel	N/A	Intel NUC X15 Laptop
Intel	N/A	LAPKC51E, LAPKC71E, LAPKC71F versions antérieures à 0048
Intel	N/A	Intel High Level Synthesis Compiler software versions antérieures à 23.4
Intel	N/A	Intel FPGA SDK for OpenCL software technology, toutes versions
Intel	N/A	Intel NUC M15 Laptop Kits: LAPRC710, LAPRC510
Intel	N/A	Intel IPP Cryptography software versions antérieures à 2021.11
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVLnx software versions antérieures à 5.13.00.2106
Intel	N/A	Intel VTune Profiler software versions antérieures à 2024.1
Intel	N/A	Intel Ethernet Adapter Complete Driver Pack software versions antérieures à 28.3
Intel	N/A	Intel HID Event Filter software versions antérieures à 2.2.2.1
Intel	N/A	Intel Connectivity Performance Suite software versions antérieures à 2.0
Intel	N/A	Intel NUC X15 Laptop Kits: LAPAC71G, LAPAC71H, LAPKC71F, LAPKC71E, LAPKC51E.
Intel	N/A	Intel CIP software versions antérieures à 2.4.10717
Intel	N/A	Intel oneAPI Base Toolkit versions antérieures à 2024.1
Intel	N/A	Intel oneAPI HPC Toolkit versions antérieures à 2024.1.0.
Intel	N/A	Intel(R) Ethernet Controllers E800 Series avec des versions antérieures à NIC1.3 PV, NVM avec versions d'images avant 3.36 et Intel(R) Ethernet Complete Driver Pack 28.3.
Intel	N/A	Intel oneAPI DPC++/C++ Compiler versions antérieures à 2024.1.
Intel	N/A	Flexlm License Daemons for Intel FPGA Software version v11.19.5.0
Intel	N/A	Intel Quartus Prime Pro Edition Design Software versions antérieures à 24.1
Intel	N/A	Intel ISH software for 12th Generation Intel Core Processor Family versions antérieures à 5.4.2.4594
Intel	N/A	Intel NUC M15 Laptop Kits: LAPBC710, LAPBC510, LAPRC710, LAPRC510
Intel	N/A	Intel Unite Client Extended Display Plugin software installer, toutes versions
Intel	N/A	Intel DPC++ C++ Compiler software versions antérieures à 2024.1
Intel	N/A	Intel(R) Ethernet Complete Driver Pack versions antérieures à 28.3
Intel	N/A	Intel Arc Iris Xe Graphics versions antérieures à 31.0.101.4824
Intel	N/A	Intel TDX module software versions 1.5.05.46.698
Intel	N/A	Intel Integrated Performance Primitive versions antérieures à 2021.11
Intel	N/A	LAPRC510, LAPRC710 versions antérieures à 0066
Intel	N/A	Intel Data Center GPU Max Series 1100 et 1550
Intel	N/A	Intel oneAPI Base Toolkit software versions antérieures à 2024.1
Intel	N/A	Intel Distribution pour GDB software versions antérieures à 2024.0.1
Intel	N/A	Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVWin software versions antérieures à 5.13.00.2109
Intel	N/A	LAPBC510 and LAPBC710 versions antérieures à 0083
Intel	N/A	BMRA software versions antérieures à 22.08
Intel	N/A	Intel Graphics Performance Analyzers (Intel GPA) software versions antérieures à 2023.4
Intel	N/A	Intel License Manager for FLEXlm product versions antérieures à 11.19.5.0
Intel	N/A	VTune Profiler versions antérieures à VTune 2024.1
Intel	N/A	Processeurs Intel Xeon Scalable de 4ème et 5ème génération
Intel	N/A	Intel oneAPI HPC Toolkit versions antérieures à 2024.1
Intel	N/A	Intel VROC versions antérieures à 8.6.0.1191
Intel	N/A	Intel GPA software versions antérieures à 2024.1
Intel	N/A	Intel TDX module software versions antérieures à TDX 1.5.01.00.592
Intel	N/A	Intel oneAPI Math Kernel Library versions antérieures à 2024.1
Intel	N/A	Intel ISH software for Intel NUC M15 Laptop Kits LAPRC710 and LAPRC510 versions antérieures à 5.4.2.4594

References

Title

Publication Time

Tags

Bulletin de sécurité Intel INTEL-SA-01102	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01172	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01116	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01129	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00790	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01070	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01106	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01089	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01121	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01038	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01113	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01057	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01046	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01088	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01122	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01164	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01130	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01107	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01127	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01112	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01075	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01095	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01115	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01010	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01126	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01128	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01087	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01114	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01094	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00999	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01083	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01022	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01117	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01073	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00918	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01105	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01078	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01125	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01072	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01104	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01100	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01118	2024-08-13	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01110	2024-08-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel ISH software for 11th Generation Intel Core Processor Family versions ant\u00e9rieures \u00e0 5.4.1.4479",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel ISH software for Intel NUC M15 Laptop Kits LAPBC710 and LAPBC510 versions ant\u00e9rieures \u00e0 5.4.1.4479",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgLnx software versions ant\u00e9rieures \u00e0 5.05.04.0008",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Advisor software versions ant\u00e9rieures \u00e0 2024.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "LAPAC71G and LAPAC71H versions ant\u00e9rieures \u00e0 0065",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Trace Analyzer and Collector versions ant\u00e9rieures \u00e0 2022.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI Base Toolkits versions ant\u00e9rieures \u00e0 2024.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel(R) Ethernet Controllers E800 Series with NVM image versions 4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEditLnx software versions ant\u00e9rieures \u00e0 5.27.06.0019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Quartus Prime Pro Edition Design software versions ant\u00e9rieures \u00e0 23.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEdit-Win software versions ant\u00e9rieures \u00e0 5.27.03.0006",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Distribution pour Python pour Windows versions ant\u00e9rieures \u00e0 2024.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel MPI Library versions ant\u00e9rieures \u00e0 2021.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel MAS (GUI) versions ant\u00e9rieures \u00e0 2.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Simics Package Manager software versions ant\u00e9rieures \u00e0 1.8.3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Fortran Compiler versions ant\u00e9rieures \u00e0 2024.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgWin software versions ant\u00e9rieures \u00e0 5.05.04.0008",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Agilex FPGA 7 FPGA firmware versions ant\u00e9rieures \u00e0 24.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC X15 Laptop",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "LAPKC51E, LAPKC71E, LAPKC71F versions ant\u00e9rieures \u00e0 0048",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel High Level Synthesis Compiler software versions ant\u00e9rieures \u00e0 23.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel FPGA SDK for OpenCL software technology, toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC M15 Laptop Kits: LAPRC710, LAPRC510",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel IPP Cryptography software versions ant\u00e9rieures \u00e0 2021.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVLnx software versions ant\u00e9rieures \u00e0 5.13.00.2106",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel VTune Profiler software versions ant\u00e9rieures \u00e0 2024.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Ethernet Adapter Complete Driver Pack software versions ant\u00e9rieures \u00e0 28.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel HID Event Filter software versions ant\u00e9rieures \u00e0 2.2.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Connectivity Performance Suite software versions ant\u00e9rieures \u00e0 2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC X15 Laptop Kits: LAPAC71G, LAPAC71H, LAPKC71F, LAPKC71E, LAPKC51E.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CIP software versions ant\u00e9rieures \u00e0 2.4.10717",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI Base Toolkit versions ant\u00e9rieures \u00e0 2024.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI HPC Toolkit versions ant\u00e9rieures \u00e0 2024.1.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel(R) Ethernet Controllers E800 Series avec des versions ant\u00e9rieures \u00e0 NIC1.3 PV, NVM avec versions d\u0027images avant 3.36 et Intel(R) Ethernet Complete Driver Pack 28.3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI DPC++/C++ Compiler versions ant\u00e9rieures \u00e0 2024.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Flexlm License Daemons for Intel FPGA Software version v11.19.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Quartus Prime Pro Edition Design Software versions ant\u00e9rieures \u00e0 24.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel ISH software for 12th Generation Intel Core Processor Family versions ant\u00e9rieures \u00e0 5.4.2.4594",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel NUC M15 Laptop Kits: LAPBC710, LAPBC510, LAPRC710, LAPRC510",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Unite Client Extended Display Plugin software installer, toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel DPC++ C++ Compiler software versions ant\u00e9rieures \u00e0 2024.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel(R) Ethernet Complete Driver Pack versions ant\u00e9rieures \u00e0 28.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Arc Iris Xe Graphics versions ant\u00e9rieures \u00e0 31.0.101.4824",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel TDX module software versions 1.5.05.46.698",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Integrated Performance Primitive versions ant\u00e9rieures \u00e0 2021.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "LAPRC510, LAPRC710 versions ant\u00e9rieures \u00e0 0066",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Data Center GPU Max Series 1100 et 1550",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI Base Toolkit software versions ant\u00e9rieures \u00e0 2024.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Distribution pour GDB software versions ant\u00e9rieures \u00e0 2024.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVWin software versions ant\u00e9rieures \u00e0 5.13.00.2109",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "LAPBC510 and LAPBC710 versions ant\u00e9rieures \u00e0 0083",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "BMRA software versions ant\u00e9rieures \u00e0 22.08",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Graphics Performance Analyzers (Intel GPA) software versions ant\u00e9rieures \u00e0 2023.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel License Manager for FLEXlm product versions ant\u00e9rieures \u00e0 11.19.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "VTune Profiler versions ant\u00e9rieures \u00e0 VTune 2024.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Processeurs Intel Xeon Scalable de 4\u00e8me et 5\u00e8me g\u00e9n\u00e9ration",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI HPC Toolkit versions ant\u00e9rieures \u00e0 2024.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel VROC versions ant\u00e9rieures \u00e0 8.6.0.1191",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel GPA software versions ant\u00e9rieures \u00e0 2024.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel TDX module software versions ant\u00e9rieures \u00e0 TDX 1.5.01.00.592",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI Math Kernel Library versions ant\u00e9rieures \u00e0 2024.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel ISH software for Intel NUC M15 Laptop Kits LAPRC710 and LAPRC510 versions ant\u00e9rieures \u00e0 5.4.2.4594",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-23495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23495"
    },
    {
      "name": "CVE-2024-21801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21801"
    },
    {
      "name": "CVE-2024-21844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21844"
    },
    {
      "name": "CVE-2024-23497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23497"
    },
    {
      "name": "CVE-2023-45230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45230"
    },
    {
      "name": "CVE-2024-21784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21784"
    },
    {
      "name": "CVE-2022-36763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36763"
    },
    {
      "name": "CVE-2023-39539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39539"
    },
    {
      "name": "CVE-2024-21857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21857"
    },
    {
      "name": "CVE-2024-24980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24980"
    },
    {
      "name": "CVE-2024-21787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21787"
    },
    {
      "name": "CVE-2024-26027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26027"
    },
    {
      "name": "CVE-2024-27461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27461"
    },
    {
      "name": "CVE-2023-34424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34424"
    },
    {
      "name": "CVE-2023-38655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38655"
    },
    {
      "name": "CVE-2024-23491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23491"
    },
    {
      "name": "CVE-2024-23499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23499"
    },
    {
      "name": "CVE-2023-45229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45229"
    },
    {
      "name": "CVE-2023-45234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45234"
    },
    {
      "name": "CVE-2023-45236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45236"
    },
    {
      "name": "CVE-2024-24983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24983"
    },
    {
      "name": "CVE-2024-28947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28947"
    },
    {
      "name": "CVE-2024-28887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28887"
    },
    {
      "name": "CVE-2024-25939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25939"
    },
    {
      "name": "CVE-2024-29015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29015"
    },
    {
      "name": "CVE-2024-25576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25576"
    },
    {
      "name": "CVE-2024-21769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21769"
    },
    {
      "name": "CVE-2024-24986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24986"
    },
    {
      "name": "CVE-2024-28046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28046"
    },
    {
      "name": "CVE-2023-35061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35061"
    },
    {
      "name": "CVE-2024-34163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34163"
    },
    {
      "name": "CVE-2024-24973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24973"
    },
    {
      "name": "CVE-2024-26025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26025"
    },
    {
      "name": "CVE-2023-45231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45231"
    },
    {
      "name": "CVE-2022-29871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29871"
    },
    {
      "name": "CVE-2023-43747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43747"
    },
    {
      "name": "CVE-2023-45237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45237"
    },
    {
      "name": "CVE-2023-40067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40067"
    },
    {
      "name": "CVE-2024-28050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28050"
    },
    {
      "name": "CVE-2024-21810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21810"
    },
    {
      "name": "CVE-2023-49141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49141"
    },
    {
      "name": "CVE-2023-45233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45233"
    },
    {
      "name": "CVE-2023-45232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45232"
    },
    {
      "name": "CVE-2024-25562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25562"
    },
    {
      "name": "CVE-2024-23907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23907"
    },
    {
      "name": "CVE-2024-23908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23908"
    },
    {
      "name": "CVE-2024-21807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21807"
    },
    {
      "name": "CVE-2023-35123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35123"
    },
    {
      "name": "CVE-2024-24977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24977"
    },
    {
      "name": "CVE-2024-21806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21806"
    },
    {
      "name": "CVE-2024-24580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24580"
    },
    {
      "name": "CVE-2024-22184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22184"
    },
    {
      "name": "CVE-2024-23909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23909"
    },
    {
      "name": "CVE-2023-49144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49144"
    },
    {
      "name": "CVE-2023-48361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48361"
    },
    {
      "name": "CVE-2024-39283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39283"
    },
    {
      "name": "CVE-2024-23489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23489"
    },
    {
      "name": "CVE-2023-43489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43489"
    },
    {
      "name": "CVE-2024-25561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25561"
    },
    {
      "name": "CVE-2024-22374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22374"
    },
    {
      "name": "CVE-2023-42667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42667"
    },
    {
      "name": "CVE-2024-21766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21766"
    },
    {
      "name": "CVE-2024-23974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23974"
    },
    {
      "name": "CVE-2024-26022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26022"
    },
    {
      "name": "CVE-2024-28172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28172"
    },
    {
      "name": "CVE-2024-28876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28876"
    },
    {
      "name": "CVE-2024-24853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24853"
    },
    {
      "name": "CVE-2023-45235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45235"
    },
    {
      "name": "CVE-2024-22378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22378"
    },
    {
      "name": "CVE-2024-23981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23981"
    },
    {
      "name": "CVE-2024-28953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28953"
    },
    {
      "name": "CVE-2024-22376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22376"
    }
  ],
  "initial_release_date": "2024-08-14T00:00:00",
  "last_revision_date": "2024-08-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0679",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01102",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01102.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01172",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01172.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01116",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01116.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01129",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00790",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00790.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01070",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01070.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01106",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01106.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01089",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01089.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01121",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01121.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01038",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01113",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01113.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01057",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01057.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01046",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01088",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01088.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01122",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01122.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01164",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01164.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01130",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01130.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01107",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01107.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01127",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01127.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01112",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01112.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01075",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01095",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01095.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01115",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01115.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01010",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01010.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01126",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01126.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01128",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01128.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01087",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01087.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01114",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01114.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01094",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01094.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00999",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01083",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01022",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01022.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01117",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01117.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01073",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01073.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00918",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01105",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01105.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01078",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01125",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01125.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01072",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01072.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01104",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01104.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01100",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01118",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01110",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01110.html"
    }
  ]
}

WID-SEC-W-2024-1826

Vulnerability from csaf_certbund

Published

2024-08-13 22:00

Modified

2024-08-14 22:00

Summary

Intel Server Board S2600ST Family Firmware: Schwachstelle ermöglicht Privilegieneskalation

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die Firmware ist eine in die Geräte fest eingebettete Software, die dort grundlegende Funktionen leistet.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in der Intel Server Board S2600ST Family Firmware ausnutzen, um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Firmware ist eine in die Ger\u00e4te fest eingebettete Software, die dort grundlegende Funktionen leistet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in der Intel Server Board S2600ST Family Firmware ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1826 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1826.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1826 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1826"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-01121 vom 2024-08-13",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01121.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Intel Server Board S2600ST Family Firmware: Schwachstelle erm\u00f6glicht Privilegieneskalation",
    "tracking": {
      "current_release_date": "2024-08-14T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:12:13.374+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1826",
      "initial_release_date": "2024-08-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-08-14T22:00:00.000+00:00",
          "number": "2",
          "summary": "Korrektur"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Server Board S2600ST Family \u003c02.01.0017",
                "product": {
                  "name": "Intel Firmware Server Board S2600ST Family \u003c02.01.0017",
                  "product_id": "T036383"
                }
              }
            ],
            "category": "product_name",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Intel"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-28947",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in der Intel Server Board S2600ST Family Firmware aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
        }
      ],
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2024-28947"
    }
  ]
}

wid-sec-w-2024-1826

Vulnerability from csaf_certbund

Published

2024-08-13 22:00

Modified

2024-08-14 22:00

Summary

Intel Server Board S2600ST Family Firmware: Schwachstelle ermöglicht Privilegieneskalation

Notes

Produktbeschreibung

Die Firmware ist eine in die Geräte fest eingebettete Software, die dort grundlegende Funktionen leistet.

Angriff

Ein lokaler Angreifer kann eine Schwachstelle in der Intel Server Board S2600ST Family Firmware ausnutzen, um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Firmware ist eine in die Ger\u00e4te fest eingebettete Software, die dort grundlegende Funktionen leistet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in der Intel Server Board S2600ST Family Firmware ausnutzen, um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1826 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1826.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1826 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1826"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-01121 vom 2024-08-13",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01121.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Intel Server Board S2600ST Family Firmware: Schwachstelle erm\u00f6glicht Privilegieneskalation",
    "tracking": {
      "current_release_date": "2024-08-14T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:12:13.374+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1826",
      "initial_release_date": "2024-08-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-08-14T22:00:00.000+00:00",
          "number": "2",
          "summary": "Korrektur"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Server Board S2600ST Family \u003c02.01.0017",
                "product": {
                  "name": "Intel Firmware Server Board S2600ST Family \u003c02.01.0017",
                  "product_id": "T036383"
                }
              }
            ],
            "category": "product_name",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Intel"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-28947",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in der Intel Server Board S2600ST Family Firmware aufgrund einer unsachgem\u00e4\u00dfen Eingabevalidierung. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern."
        }
      ],
      "release_date": "2024-08-13T22:00:00.000+00:00",
      "title": "CVE-2024-28947"
    }
  ]
}

gsd-2024-28947

Vulnerability from gsd

Modified

2024-04-02 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-28947

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-28947"
      ],
      "id": "GSD-2024-28947",
      "modified": "2024-04-02T05:02:55.797338Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-28947",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

ghsa-5fw8-xf44-fpcj

Vulnerability from github

Published

2024-08-14 15:31

Modified

2024-08-14 15:31

Severity ?

8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.1 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-28947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T14:15:26Z",
    "severity": "HIGH"
  },
  "details": "Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-5fw8-xf44-fpcj",
  "modified": "2024-08-14T15:31:16Z",
  "published": "2024-08-14T15:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28947"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01121.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

fkie_cve-2024-28947

Vulnerability from fkie_nvd

Published

2024-08-14 14:15

Modified

2024-09-12 18:52

Severity ?

8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01121.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	server_board_s2600st_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:server_board_s2600st_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC306BE1-EA41-4821-A88B-8040B70AA8D5",
              "versionEndExcluding": "02.01.0017",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access."
    },
    {
      "lang": "es",
      "value": "La validaci\u00f3n de entrada incorrecta en el controlador en modo kernel para algunos firmware de la familia Intel(R) Server Board S2600ST anteriores a la versi\u00f3n 02.01.0017 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
    }
  ],
  "id": "CVE-2024-28947",
  "lastModified": "2024-09-12T18:52:38.433",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "secure@intel.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "secure@intel.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-14T14:15:26.017",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01121.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "secure@intel.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-28947 (GCVE-0-2024-28947)

Vulnerability from cvelistv5

CERTFR-2024-AVI-0679

Vulnerability from certfr_avis

Solutions

WID-SEC-W-2024-1826

Vulnerability from csaf_certbund

wid-sec-w-2024-1826

Vulnerability from csaf_certbund

gsd-2024-28947

Vulnerability from gsd

ghsa-5fw8-xf44-fpcj

Vulnerability from github

fkie_cve-2024-28947

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature