Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0953
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel oneAPI Base Toolkit versions antérieures à 2023.1 | ||
| Intel | N/A | Utilitaire Intel Server Information Retrieval versions antérieures à 16.0.9 | ||
| Intel | N/A | Intel In-Band Manageability versions antérieures à 3.0.14 | ||
| Intel | N/A | Micrologiciels Intel Optane SSD et Intel Optane SSD DC | ||
| Intel | N/A | 8ème génération de processeur Intel Core, veuillez-vous réferer aux avis de l'éditeur pour plus d'Informations | ||
| Intel | N/A | Intel OpenVINO Model Server versions antérieures à 2022.3 | ||
| Intel | N/A | Micrologiciel Intel NUC, veuillez-vous réferer aux avis de l'éditeur pour plus d'Informations | ||
| Intel | N/A | Intel MPI Library versions antérieures à 2021.9 | ||
| Intel | N/A | Intel oneAPI HPC Toolkit versions antérieures à 2023.1 | ||
| Intel | N/A | 11ème génération de processeur Intel Core, veuillez-vous réferer aux avis de l'éditeur pour plus d'Informations | ||
| Intel | N/A | Intel OFU versions antérieures à 14.1.31 | ||
| Intel | N/A | Intel Unison sans le dernier correctif de sécurité | ||
| Intel | N/A | Micrologiciel Intel FPGA versions antérieures à 2.8.1 | ||
| Intel | N/A | Pilote Intel QAT pour Windows HW versions 2.x antérieures à 2.04 | ||
| Intel | N/A | Intel Arc RGB Controller versions antérieures à 1.06 | ||
| Intel | N/A | Pilotes Intel Arc & Iris Xe Graphics WHQL pour Windows versions antérieures à 31.0.101.4255 | ||
| Intel | N/A | Outil Intel Battery Life Diagnostic versions antérieures à 2.2.1 | ||
| Intel | N/A | Application Intel Support pour Android toutes versions | ||
| Intel | N/A | Application Intel Smart Campus pour Android versions antérieures à 9.4 | ||
| Intel | N/A | Intel Simics Simulator versions antérieures à 1.7.2 | ||
| Intel | N/A | Processeur Intel Atom, veuillez-vous réferer aux avis de l'éditeur pour plus d'Informations | ||
| Intel | N/A | Pilote pour Radeon RX Vega M (intégré dans les processeurs Intel Core) versions antérieures à 23.10.01.46 | ||
| Intel | N/A | 13ème génération de processeur Intel Core, veuillez-vous réferer aux avis de l'éditeur pour plus d'Informations | ||
| Intel | N/A | 12ème génération de processeur Intel Core, veuillez-vous réferer aux avis de l'éditeur pour plus d'Informations | ||
| Intel | N/A | Logiciels pour Intel NUC | ||
| Intel | N/A | Processeur Intel Xeon D, veuillez-vous réferer aux avis de l'éditeur pour plus d'Informations | ||
| Intel | N/A | Intel RealSense Dynamic Calibration versions antérieures à 2.13.1.0 | ||
| Intel | N/A | Intel OpenVINO toolkit versions antérieures à 2023.0.0 | ||
| Intel | N/A | Intel Server Configuration Utility versions antérieures à 16.0.9 | ||
| Intel | N/A | Bibliothèque Intel QAT Library (QATlib) versions antérieures à 22.07.1 | ||
| Intel | N/A | Intel XTU versions antérieures à 7.12.0.15 | ||
| Intel | N/A | Intel Connectivity Performance Suite sans le dernier correctif de sécurité | ||
| Intel | N/A | Intel QAT pour Linux versions antérieures à QAT20.L.1.0.40-00004 | ||
| Intel | N/A | Intel Inspector versions antérieures à 2023.1 | ||
| Intel | N/A | Processeur Intel Celeron, veuillez-vous réferer aux avis de l'éditeur pour plus d'Informations | ||
| Intel | N/A | 10ème génération de processeur Intel Core, veuillez-vous réferer aux avis de l'éditeur pour plus d'Informations | ||
| Intel | N/A | Intel On Demand Agent sans le dernier correctif de sécurité | ||
| Intel | N/A | Micrologiciels Intel Ethernet Adapters | ||
| Intel | N/A | Intel Chipset Device versions antérieures à 10.1.19444.8378 | ||
| Intel | N/A | Micrologiciels Intel Server Board et Server System | ||
| Intel | N/A | Pilote Intel QAT pour Windows HW versions 1.x antérieures à 1.10 | ||
| Intel | N/A | Intel DCM versions antérieures à 5.2 | ||
| Intel | N/A | Processeur Intel Pentium, veuillez-vous réferer aux avis de l'éditeur pour plus d'Informations | ||
| Intel | N/A | Intel Advisor versions antérieures à 2023.1 | ||
| Intel | N/A | Intel Rapid Storage Technology versions antérieures à 16.8.5.1014.9 | ||
| Intel | N/A | Micrologiciels Intel Ethernet Controllers | ||
| Intel | N/A | Processeur Intel Server, veuillez-vous réferer aux avis de l'éditeur pour plus d'Informations | ||
| Intel | N/A | 9ème génération de processeur Intel Core, veuillez-vous réferer aux avis de l'éditeur pour plus d'Informations |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel oneAPI Base Toolkit versions ant\u00e9rieures \u00e0 2023.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Utilitaire Intel Server Information Retrieval versions ant\u00e9rieures \u00e0 16.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel In-Band Manageability versions ant\u00e9rieures \u00e0 3.0.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Micrologiciels Intel Optane SSD et Intel Optane SSD DC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "8\u00e8me g\u00e9n\u00e9ration de processeur Intel Core, veuillez-vous r\u00e9ferer aux avis de l\u0027\u00e9diteur pour plus d\u0027Informations",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel OpenVINO Model Server versions ant\u00e9rieures \u00e0 2022.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Micrologiciel Intel NUC, veuillez-vous r\u00e9ferer aux avis de l\u0027\u00e9diteur pour plus d\u0027Informations",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel MPI Library versions ant\u00e9rieures \u00e0 2021.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI HPC Toolkit versions ant\u00e9rieures \u00e0 2023.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "11\u00e8me g\u00e9n\u00e9ration de processeur Intel Core, veuillez-vous r\u00e9ferer aux avis de l\u0027\u00e9diteur pour plus d\u0027Informations",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel OFU versions ant\u00e9rieures \u00e0 14.1.31",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Unison sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Micrologiciel Intel FPGA versions ant\u00e9rieures \u00e0 2.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Pilote Intel QAT pour Windows HW versions 2.x ant\u00e9rieures \u00e0 2.04",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Arc RGB Controller versions ant\u00e9rieures \u00e0 1.06",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Pilotes Intel Arc \u0026 Iris Xe Graphics WHQL pour Windows versions ant\u00e9rieures \u00e0 31.0.101.4255",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Outil Intel Battery Life Diagnostic versions ant\u00e9rieures \u00e0 2.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Application Intel Support pour Android toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Application Intel Smart Campus pour Android versions ant\u00e9rieures \u00e0 9.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Simics Simulator versions ant\u00e9rieures \u00e0 1.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Atom, veuillez-vous r\u00e9ferer aux avis de l\u0027\u00e9diteur pour plus d\u0027Informations",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Pilote pour Radeon RX Vega M (int\u00e9gr\u00e9 dans les processeurs Intel Core) versions ant\u00e9rieures \u00e0 23.10.01.46",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "13\u00e8me g\u00e9n\u00e9ration de processeur Intel Core, veuillez-vous r\u00e9ferer aux avis de l\u0027\u00e9diteur pour plus d\u0027Informations",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "12\u00e8me g\u00e9n\u00e9ration de processeur Intel Core, veuillez-vous r\u00e9ferer aux avis de l\u0027\u00e9diteur pour plus d\u0027Informations",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Logiciels pour Intel NUC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon D, veuillez-vous r\u00e9ferer aux avis de l\u0027\u00e9diteur pour plus d\u0027Informations",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel RealSense Dynamic Calibration versions ant\u00e9rieures \u00e0 2.13.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel OpenVINO toolkit versions ant\u00e9rieures \u00e0 2023.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Configuration Utility versions ant\u00e9rieures \u00e0 16.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Biblioth\u00e8que Intel QAT Library (QATlib) versions ant\u00e9rieures \u00e0 22.07.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel XTU versions ant\u00e9rieures \u00e0 7.12.0.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Connectivity Performance Suite sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel QAT pour Linux versions ant\u00e9rieures \u00e0 QAT20.L.1.0.40-00004",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Inspector versions ant\u00e9rieures \u00e0 2023.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Celeron, veuillez-vous r\u00e9ferer aux avis de l\u0027\u00e9diteur pour plus d\u0027Informations",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "10\u00e8me g\u00e9n\u00e9ration de processeur Intel Core, veuillez-vous r\u00e9ferer aux avis de l\u0027\u00e9diteur pour plus d\u0027Informations",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel On Demand Agent sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Micrologiciels Intel Ethernet Adapters",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Chipset Device versions ant\u00e9rieures \u00e0 10.1.19444.8378",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Micrologiciels Intel Server Board et Server System",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Pilote Intel QAT pour Windows HW versions 1.x ant\u00e9rieures \u00e0 1.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel DCM versions ant\u00e9rieures \u00e0 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Pentium, veuillez-vous r\u00e9ferer aux avis de l\u0027\u00e9diteur pour plus d\u0027Informations",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Advisor versions ant\u00e9rieures \u00e0 2023.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Rapid Storage Technology versions ant\u00e9rieures \u00e0 16.8.5.1014.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Micrologiciels Intel Ethernet Controllers",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Server, veuillez-vous r\u00e9ferer aux avis de l\u0027\u00e9diteur pour plus d\u0027Informations",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "9\u00e8me g\u00e9n\u00e9ration de processeur Intel Core, veuillez-vous r\u00e9ferer aux avis de l\u0027\u00e9diteur pour plus d\u0027Informations",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28388"
},
{
"name": "CVE-2023-25756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25756"
},
{
"name": "CVE-2023-29504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29504"
},
{
"name": "CVE-2023-32661",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32661"
},
{
"name": "CVE-2022-41700",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41700"
},
{
"name": "CVE-2022-43477",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43477"
},
{
"name": "CVE-2023-39230",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39230"
},
{
"name": "CVE-2023-33878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33878"
},
{
"name": "CVE-2022-24379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24379"
},
{
"name": "CVE-2023-32204",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32204"
},
{
"name": "CVE-2023-28401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28401"
},
{
"name": "CVE-2023-27513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27513"
},
{
"name": "CVE-2023-38411",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38411"
},
{
"name": "CVE-2023-28740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28740"
},
{
"name": "CVE-2023-27519",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27519"
},
{
"name": "CVE-2023-36860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36860"
},
{
"name": "CVE-2023-39221",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39221"
},
{
"name": "CVE-2023-32655",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32655"
},
{
"name": "CVE-2023-27879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27879"
},
{
"name": "CVE-2023-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24587"
},
{
"name": "CVE-2022-46298",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46298"
},
{
"name": "CVE-2023-28378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28378"
},
{
"name": "CVE-2023-22663",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22663"
},
{
"name": "CVE-2023-22327",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22327"
},
{
"name": "CVE-2022-43666",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43666"
},
{
"name": "CVE-2023-22292",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22292"
},
{
"name": "CVE-2023-22337",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22337"
},
{
"name": "CVE-2022-34302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34302"
},
{
"name": "CVE-2022-27229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27229"
},
{
"name": "CVE-2023-25075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25075"
},
{
"name": "CVE-2023-28377",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28377"
},
{
"name": "CVE-2023-28737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28737"
},
{
"name": "CVE-2023-32279",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32279"
},
{
"name": "CVE-2023-22290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22290"
},
{
"name": "CVE-2023-39411",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39411"
},
{
"name": "CVE-2023-39228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39228"
},
{
"name": "CVE-2023-34350",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34350"
},
{
"name": "CVE-2023-33874",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33874"
},
{
"name": "CVE-2023-28723",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28723"
},
{
"name": "CVE-2023-28404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28404"
},
{
"name": "CVE-2023-20568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20568"
},
{
"name": "CVE-2021-46748",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46748"
},
{
"name": "CVE-2023-28397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28397"
},
{
"name": "CVE-2023-22310",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22310"
},
{
"name": "CVE-2023-29157",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29157"
},
{
"name": "CVE-2023-22448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22448"
},
{
"name": "CVE-2023-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27306"
},
{
"name": "CVE-2023-26589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26589"
},
{
"name": "CVE-2022-34301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34301"
},
{
"name": "CVE-2023-40540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40540"
},
{
"name": "CVE-2023-25071",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25071"
},
{
"name": "CVE-2023-22285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22285"
},
{
"name": "CVE-2023-24588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24588"
},
{
"name": "CVE-2023-34997",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34997"
},
{
"name": "CVE-2023-28376",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28376"
},
{
"name": "CVE-2023-29165",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29165"
},
{
"name": "CVE-2022-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29262"
},
{
"name": "CVE-2022-41689",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41689"
},
{
"name": "CVE-2023-40220",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40220"
},
{
"name": "CVE-2022-36396",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36396"
},
{
"name": "CVE-2022-36377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36377"
},
{
"name": "CVE-2023-20567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20567"
},
{
"name": "CVE-2023-38570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38570"
},
{
"name": "CVE-2022-36374",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36374"
},
{
"name": "CVE-2022-33945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33945"
},
{
"name": "CVE-2022-46301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46301"
},
{
"name": "CVE-2023-38131",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38131"
},
{
"name": "CVE-2022-46299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46299"
},
{
"name": "CVE-2023-31203",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31203"
},
{
"name": "CVE-2022-41659",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41659"
},
{
"name": "CVE-2023-23583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23583"
},
{
"name": "CVE-2023-27305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27305"
},
{
"name": "CVE-2023-32660",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32660"
},
{
"name": "CVE-2023-32638",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32638"
},
{
"name": "CVE-2023-34431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34431"
},
{
"name": "CVE-2023-32278",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32278"
},
{
"name": "CVE-2023-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22329"
},
{
"name": "CVE-2023-33872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33872"
},
{
"name": "CVE-2022-33898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33898"
},
{
"name": "CVE-2023-29161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29161"
},
{
"name": "CVE-2023-32658",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32658"
},
{
"name": "CVE-2022-46646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46646"
},
{
"name": "CVE-2023-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32283"
},
{
"name": "CVE-2023-31273",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31273"
},
{
"name": "CVE-2022-46647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46647"
},
{
"name": "CVE-2022-29510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29510"
},
{
"name": "CVE-2023-25080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25080"
},
{
"name": "CVE-2023-22305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22305"
},
{
"name": "CVE-2023-28741",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28741"
},
{
"name": "CVE-2023-25952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25952"
},
{
"name": "CVE-2023-25949",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25949"
},
{
"name": "CVE-2023-32641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32641"
},
{
"name": "CVE-2023-22313",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22313"
},
{
"name": "CVE-2022-45469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45469"
},
{
"name": "CVE-2023-34314",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34314"
},
{
"name": "CVE-2022-34303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34303"
},
{
"name": "CVE-2023-39412",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39412"
},
{
"name": "CVE-2022-42879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42879"
},
{
"name": "CVE-2022-45109",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45109"
}
],
"initial_release_date": "2023-11-16T00:00:00",
"last_revision_date": "2023-11-16T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0953",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel du 14 novembre 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/default.html"
}
]
}
CVE-2023-32661 (GCVE-0-2023-32661)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-287 - Improper authentication
Summary
Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software |
Version: before version 10.0.19041.29098 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel_nuc_kits_nuc7pjyh_and_nuc7cjyh_realtek_sd_card_reader_driver_installation_software:intel_nuc_kits_nuc7pjyh_and_nuc7cjyh_realtek_sd_card_reader_driver_installation_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_nuc_kits_nuc7pjyh_and_nuc7cjyh_realtek_sd_card_reader_driver_installation_software",
"vendor": "intel_nuc_kits_nuc7pjyh_and_nuc7cjyh_realtek_sd_card_reader_driver_installation_software",
"versions": [
{
"lessThan": "10.0.19041.29098",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:05:45.663655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:09:14.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 10.0.19041.29098"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-287",
"description": "Improper authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:43.625Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-32661",
"datePublished": "2023-11-14T19:04:43.625Z",
"dateReserved": "2023-06-02T03:00:03.953Z",
"dateUpdated": "2024-08-30T17:09:14.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34350 (GCVE-0-2023-34350)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) XTU software |
Version: before version 7.12.0.15 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00941.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00941.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:58:07.335143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:58:32.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) XTU software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 7.12.0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:20.051Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00941.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00941.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-34350",
"datePublished": "2023-11-14T19:04:20.051Z",
"dateReserved": "2023-06-06T03:00:05.057Z",
"dateUpdated": "2024-08-30T17:58:32.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24588 (GCVE-0-2023-24588)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-10-11 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-200 - Exposure of sensitive information to an unauthorized actor
Summary
Exposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Optane(TM) SSD products |
Version: firmware for some Intel(R) Optane(TM) SSD products |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:18.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:48.632484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:07:24.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Optane(TM) SSD products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "firmware for some Intel(R) Optane(TM) SSD products"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-200",
"description": "Exposure of sensitive information to an unauthorized actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:57.506Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-24588",
"datePublished": "2023-11-14T19:04:57.506Z",
"dateReserved": "2023-03-08T04:00:03.646Z",
"dateUpdated": "2024-10-11T18:07:24.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39230 (GCVE-0-2023-39230)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Rapid Storage Technology software |
Version: before version 16.8.5.1014.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00961.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00961.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:29:57.473410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T18:30:10.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Rapid Storage Technology software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 16.8.5.1014.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-277",
"description": "Insecure inherited permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:18.458Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00961.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00961.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-39230",
"datePublished": "2023-11-14T19:04:18.458Z",
"dateReserved": "2023-08-02T03:00:04.664Z",
"dateUpdated": "2024-08-30T18:30:10.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22292 (GCVE-0-2023-22292)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-248 - Uncaught exception
Summary
Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:51:59.160083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:52:25.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-248",
"description": "Uncaught exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:27.786Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22292",
"datePublished": "2023-11-14T19:04:27.786Z",
"dateReserved": "2023-01-07T04:00:03.719Z",
"dateUpdated": "2024-08-30T17:52:25.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28741 (GCVE-0-2023-28741)
Vulnerability from cvelistv5
Published
2023-11-14 19:06
Modified
2024-08-02 13:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-120 - Buffer overflow
Summary
Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) QAT drivers for Windows - HW Version 1.0 |
Version: before version 1.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:37.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) QAT drivers for Windows - HW Version 1.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:06:16.079Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28741",
"datePublished": "2023-11-14T19:06:16.079Z",
"dateReserved": "2023-04-07T03:00:04.483Z",
"dateUpdated": "2024-08-02T13:51:37.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25071 (GCVE-0-2023-25071)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-395 - NULL pointer dereference
Summary
NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers |
Version: before version 31.0.101.4255 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:56:59.836251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:57:11.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) \u0026 Iris(R) Xe Graphics - WHQL - Windows Drviers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 31.0.101.4255"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference in some Intel(R) Arc(TM) \u0026 Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-395",
"description": "NULL pointer dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:23.342Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-25071",
"datePublished": "2023-11-14T19:04:23.342Z",
"dateReserved": "2023-03-22T03:00:05.340Z",
"dateUpdated": "2024-08-30T17:57:11.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34301 (GCVE-0-2022-34301)
Vulnerability from cvelistv5
Published
2022-08-26 00:00
Modified
2024-08-03 09:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/309662"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:06:29.798293",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
},
{
"url": "https://www.kb.cert.org/vuls/id/309662"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34301",
"datePublished": "2022-08-26T00:00:00",
"dateReserved": "2022-06-22T00:00:00",
"dateUpdated": "2024-08-03T09:07:16.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28388 (GCVE-0-2023-28388)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2025-06-11 14:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Chipset Device Software |
Version: before version 10.1.19444.8378 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00870.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00870.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T14:20:03.918867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:20:36.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Chipset Device Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 10.1.19444.8378"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:12.312Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00870.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00870.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28388",
"datePublished": "2023-11-14T19:05:12.312Z",
"dateReserved": "2023-04-13T03:00:03.863Z",
"dateUpdated": "2025-06-11T14:20:36.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41689 (GCVE-0-2022-41689)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-03 12:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel In-Band Manageability software |
Version: before version 3.0.14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00968.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00968.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel In-Band Manageability software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 3.0.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:25.455Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00968.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00968.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-41689",
"datePublished": "2023-11-14T19:04:25.455Z",
"dateReserved": "2022-09-28T14:53:53.475Z",
"dateUpdated": "2024-08-03T12:49:43.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33874 (GCVE-0-2023-33874)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software |
Version: before version 2.2.2.1 for Windows |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:13.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel_nuc_12_pro_kits_and_mini_pcs_nuc12ws_intel_hid_event_filter_driver_installation_software:intel_nuc_12_pro_kits_and_mini_pcs_nuc12ws_intel_hid_event_filter_driver_installation_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_nuc_12_pro_kits_and_mini_pcs_nuc12ws_intel_hid_event_filter_driver_installation_software",
"vendor": "intel_nuc_12_pro_kits_and_mini_pcs_nuc12ws_intel_hid_event_filter_driver_installation_software",
"versions": [
{
"lessThan": "before_version_2.2.2.1_for_windows",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33874",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T16:38:04.251688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:46:56.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC 12 Pro Kits \u0026 Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.2.2.1 for Windows"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) NUC 12 Pro Kits \u0026 Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:46.417Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-33874",
"datePublished": "2023-11-14T19:04:46.417Z",
"dateReserved": "2023-06-02T03:00:03.757Z",
"dateUpdated": "2024-08-30T16:46:56.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29157 (GCVE-0-2023-29157)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-30 15:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) OFU software |
Version: before version 14.1.31 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:05:55.183709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:10:16.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) OFU software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 14.1.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:00.952Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-29157",
"datePublished": "2023-11-14T19:05:00.952Z",
"dateReserved": "2023-05-05T03:00:03.817Z",
"dateUpdated": "2024-08-30T15:10:16.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28723 (GCVE-0-2023-28723)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-200 - Exposure of sensitive information to an unauthorized actor
Summary
Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Aptio* V UEFI Firmware Integrator Tools |
Version: some Intel(R) Aptio* V UEFI Firmware Integrator Tools |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:01:58.531453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:17:07.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Aptio* V UEFI Firmware Integrator Tools",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "some Intel(R) Aptio* V UEFI Firmware Integrator Tools"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-200",
"description": "Exposure of sensitive information to an unauthorized actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:52.898Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28723",
"datePublished": "2023-11-14T19:04:52.898Z",
"dateReserved": "2023-03-22T03:00:05.318Z",
"dateUpdated": "2024-08-30T15:17:07.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34303 (GCVE-0-2022-34303)
Vulnerability from cvelistv5
Published
2022-08-26 00:00
Modified
2024-08-03 09:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/309662"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:06:31.975249",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
},
{
"url": "https://www.kb.cert.org/vuls/id/309662"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34303",
"datePublished": "2022-08-26T00:00:00",
"dateReserved": "2022-06-22T00:00:00",
"dateUpdated": "2024-08-03T09:07:16.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46301 (GCVE-0-2022-46301)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-665 - Improper Initialization
Summary
Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:59:36.342004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:03:05.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-665",
"description": "Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:37.311Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-46301",
"datePublished": "2023-11-14T19:04:37.311Z",
"dateReserved": "2022-12-06T04:00:03.827Z",
"dateUpdated": "2024-08-30T16:03:05.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27519 (GCVE-0-2023-27519)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2025-06-11 14:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Optane(TM) SSD products |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T14:22:28.034673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:22:41.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Optane(TM) SSD products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:55.720Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-27519",
"datePublished": "2023-11-14T19:04:55.720Z",
"dateReserved": "2023-03-08T04:00:03.724Z",
"dateUpdated": "2025-06-11T14:22:41.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32279 (GCVE-0-2023-32279)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-284 - Improper access control
Summary
Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Connectivity Performance Suite |
Version: before version 2.1123.214.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00944.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00944.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:40:34.016793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:41:42.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Connectivity Performance Suite",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.1123.214.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow unauthenticated user to potentially enable information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:39.018Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00944.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00944.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-32279",
"datePublished": "2023-11-14T19:04:39.018Z",
"dateReserved": "2023-05-06T03:00:04.365Z",
"dateUpdated": "2024-08-30T17:41:42.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33878 (GCVE-0-2023-33878)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-249 - Path transversal
Summary
Path transversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC P14E Laptop Element Audio Install Package software |
Version: before version 156 for Windows |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:12.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel_nuc_p14e_laptop_element_audio_install_package_software:intel_nuc_p14e_laptop_element_audio_install_package_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_nuc_p14e_laptop_element_audio_install_package_software",
"vendor": "intel_nuc_p14e_laptop_element_audio_install_package_software",
"versions": [
{
"lessThan": "before_version_156_for_windows",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T16:15:08.914224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:29:49.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC P14E Laptop Element Audio Install Package software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 156 for Windows"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path transversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-249",
"description": "Path transversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:48.347Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-33878",
"datePublished": "2023-11-14T19:04:48.347Z",
"dateReserved": "2023-06-02T03:00:03.930Z",
"dateUpdated": "2024-08-30T16:29:49.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22285 (GCVE-0-2023-22285)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-284 - Improper access control
Summary
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:53:26.284775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:53:59.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:27.142Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22285",
"datePublished": "2023-11-14T19:04:27.142Z",
"dateReserved": "2023-01-07T04:00:03.387Z",
"dateUpdated": "2024-08-30T17:53:59.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27305 (GCVE-0-2023-27305)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-02 12:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Arc(TM) Control software |
Version: before version 1.73.5335.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) Control software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.73.5335.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:32.645Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-27305",
"datePublished": "2023-11-14T19:04:21.686Z",
"dateReserved": "2023-03-08T04:00:03.633Z",
"dateUpdated": "2024-08-02T12:09:43.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32655 (GCVE-0-2023-32655)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 15:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-249 - Path transversal
Summary
Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software |
Version: before version 1.0.10.3 for Windows |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nuc_kits_and_mini_pcs_nuc8i7hvk_nuc8hnk_usb_type_c_powe_delivery_controller_installation_software:nuc_kits_and_mini_pcs_nuc8i7hvk_nuc8hnk_usb_type_c_powe_delivery_controller_installation_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nuc_kits_and_mini_pcs_nuc8i7hvk_nuc8hnk_usb_type_c_powe_delivery_controller_installation_software",
"vendor": "nuc_kits_and_mini_pcs_nuc8i7hvk_nuc8hnk_usb_type_c_powe_delivery_controller_installation_software",
"versions": [
{
"lessThan": "1.0.10.3_for_windows",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:29:17.055407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:47:24.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC Kits \u0026 Mini PCs - NUC8i7HVK \u0026 NUC8HNK USB Type C power delivery controller installatio software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.0.10.3 for Windows"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path transversal in some Intel(R) NUC Kits \u0026 Mini PCs - NUC8i7HVK \u0026 NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-249",
"description": "Path transversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:50.082Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-32655",
"datePublished": "2023-11-14T19:04:50.082Z",
"dateReserved": "2023-06-02T03:00:03.779Z",
"dateUpdated": "2024-08-30T15:47:24.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23583 (GCVE-0-2023-23583)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2025-02-13 16:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure, escalation of privilege, denial of service
- CWE-1281 - Sequence of processor instructions leads to unexpected behavior
Summary
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Processors |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/14/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/14/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/14/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/14/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/14/7"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/14/9"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0015/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5563"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00012.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23583",
"options": [
{
"Exploitation": "None"
},
{
"Automatable": "No"
},
{
"Technical Impact": "Total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-16T13:58:46.919603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T21:32:08.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure, escalation of privilege, denial of service",
"lang": "en"
},
{
"cweId": "CWE-1281",
"description": "Sequence of processor instructions leads to unexpected behavior",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-16T20:06:17.390Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/14/8"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/14/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/14/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/14/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/14/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/14/9"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0015/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5563"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-23583",
"datePublished": "2023-11-14T19:04:24.927Z",
"dateReserved": "2023-05-11T03:00:02.553Z",
"dateUpdated": "2025-02-13T16:44:10.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28401 (GCVE-0-2023-28401)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-02 12:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-787 - Out-of-bounds write
Summary
Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers |
Version: before version 31.0.101.4255 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) \u0026 Iris(R) Xe Graphics - WHQL - Windows drivers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 31.0.101.4255"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in some Intel(R) Arc(TM) \u0026 Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-787",
"description": "Out-of-bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:23.883Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28401",
"datePublished": "2023-11-14T19:04:23.883Z",
"dateReserved": "2023-03-22T03:00:05.326Z",
"dateUpdated": "2024-08-02T12:38:25.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25080 (GCVE-0-2023-25080)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-02 11:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-693 - Protection mechanism failure
Summary
Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Distribution of OpenVINO toolkit software |
Version: before version 2023.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00901.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00901.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Distribution of OpenVINO toolkit software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2023.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-693",
"description": "Protection mechanism failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:59.211Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00901.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00901.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-25080",
"datePublished": "2023-11-14T19:04:59.211Z",
"dateReserved": "2023-03-01T18:23:25.217Z",
"dateUpdated": "2024-08-02T11:11:43.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34431 (GCVE-0-2023-34431)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-30 16:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board BIOS firmware |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T16:55:22.972453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:57:11.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board BIOS firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:08.245Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-34431",
"datePublished": "2023-11-14T19:05:08.245Z",
"dateReserved": "2023-06-06T03:00:05.087Z",
"dateUpdated": "2024-08-30T16:57:11.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32638 (GCVE-0-2023-32638)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Arc RGB Controller software |
Version: before version 1.06 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00952.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00952.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:29:30.301635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T18:29:43.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Arc RGB Controller software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.06"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:19.014Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00952.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00952.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-32638",
"datePublished": "2023-11-14T19:04:19.014Z",
"dateReserved": "2023-06-17T03:00:02.693Z",
"dateUpdated": "2024-08-30T18:29:43.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31273 (GCVE-0-2023-31273)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 15:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-693 - Protection mechanism failure
Summary
Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel DCM software |
Version: before version 5.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:29.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00902.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00902.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:26:35.686007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:27:09.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel DCM software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-693",
"description": "Protection mechanism failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:58.618Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00902.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00902.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-31273",
"datePublished": "2023-11-14T19:04:58.618Z",
"dateReserved": "2023-05-05T03:00:03.570Z",
"dateUpdated": "2024-08-30T15:27:09.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22448 (GCVE-0-2023-22448)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:48:02.558189Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:48:36.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:29.450Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22448",
"datePublished": "2023-11-14T19:04:29.450Z",
"dateReserved": "2023-01-07T04:00:03.700Z",
"dateUpdated": "2024-08-30T17:48:36.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28376 (GCVE-0-2023-28376)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2025-02-13 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-125 - Out-of-bounds read
Summary
Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) E810 Ethernet Controllers and Adapters |
Version: before version 1.7.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00869.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00869.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231221-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) E810 Ethernet Controllers and Adapters",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T22:06:25.352Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00869.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00869.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231221-0007/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28376",
"datePublished": "2023-11-14T19:04:54.586Z",
"dateReserved": "2023-03-22T03:00:05.362Z",
"dateUpdated": "2025-02-13T16:48:39.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29165 (GCVE-0-2023-29165)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-02 14:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-428 - Unquoted search path or element
Summary
Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Arc(TM) Control software |
Version: before version 1.73.5335.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) Control software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.73.5335.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-428",
"description": "Unquoted search path or element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:31.843Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-29165",
"datePublished": "2023-11-14T19:04:20.572Z",
"dateReserved": "2023-04-07T03:00:04.456Z",
"dateUpdated": "2024-08-02T14:00:15.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39228 (GCVE-0-2023-39228)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-284 - Improper access control
Summary
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:44:44.011446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:45:32.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:32.200Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-39228",
"datePublished": "2023-11-14T19:04:32.200Z",
"dateReserved": "2023-08-01T18:07:23.312Z",
"dateUpdated": "2024-08-30T17:45:32.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31203 (GCVE-0-2023-31203)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-14 20:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | OpenVINO Model Server software |
Version: before version 2022.3 for Intel Distribution of OpenVINO toolkit |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:26.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00901.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00901.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:05:43.060094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T20:08:49.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenVINO Model Server software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2022.3 for Intel Distribution of OpenVINO toolkit"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:59.771Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00901.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00901.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-31203",
"datePublished": "2023-11-14T19:04:59.771Z",
"dateReserved": "2023-05-05T03:00:03.521Z",
"dateUpdated": "2024-08-14T20:08:49.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29262 (GCVE-0-2022-29262)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-30 15:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-92 - Improper buffer restrictions
Summary
Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board BIOS firmware |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:06:21.536256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:09:15.619Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board BIOS firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-92",
"description": "Improper buffer restrictions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:09.467Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-29262",
"datePublished": "2023-11-14T19:05:09.467Z",
"dateReserved": "2022-04-20T00:10:11.709Z",
"dateUpdated": "2024-08-30T15:09:15.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28737 (GCVE-0-2023-28737)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-14 20:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-665 - Improper initialization
Summary
Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Aptio* V UEFI Firmware Integrator Tools |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:aptio_v_uefi_firmware_integrator_tools:5.27.03.0003:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aptio_v_uefi_firmware_integrator_tools",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "5.27.03.0003"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:aptio_v_uefi_firmware_integrator_tools:5.27.06.0017:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aptio_v_uefi_firmware_integrator_tools",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "5.27.06.0017"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:07:44.597215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T20:43:50.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Aptio* V UEFI Firmware Integrator Tools",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-665",
"description": "Improper initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:41.403Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28737",
"datePublished": "2023-11-14T19:04:41.403Z",
"dateReserved": "2023-04-25T03:00:03.909Z",
"dateUpdated": "2024-08-14T20:43:50.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22310 (GCVE-0-2023-22310)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 15:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-421 - Race condition
Summary
Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Aptio* V UEFI Firmware Integrator Tools |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T14:57:49.287070Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:22:49.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Aptio* V UEFI Firmware Integrator Tools",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-421",
"description": "Race condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:50.657Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22310",
"datePublished": "2023-11-14T19:04:50.657Z",
"dateReserved": "2023-04-07T03:00:04.512Z",
"dateUpdated": "2024-08-30T15:22:49.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28378 (GCVE-0-2023-28378)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-02 12:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-285 - Improper authorization
Summary
Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) QAT drivers for Windows - HW Version 2.0 |
Version: before version 2.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) QAT drivers for Windows - HW Version 2.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-285",
"description": "Improper authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:13.226Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28378",
"datePublished": "2023-11-14T19:05:13.226Z",
"dateReserved": "2023-04-25T03:00:03.913Z",
"dateUpdated": "2024-08-02T12:38:24.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25075 (GCVE-0-2023-25075)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-02 11:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-428 - Unquoted search path
Summary
Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Server Configuration Utility software |
Version: before version 16.0.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:44.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00925.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00925.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Server Configuration Utility software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 16.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-428",
"description": "Unquoted search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:39.620Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00925.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00925.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-25075",
"datePublished": "2023-11-14T19:04:39.620Z",
"dateReserved": "2023-02-24T04:00:02.142Z",
"dateUpdated": "2024-08-02T11:11:44.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25756 (GCVE-0-2023-25756)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2025-02-13 16:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-125 - Out-of-bounds read
Summary
Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Processors |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231221-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T16:15:46.231541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:16:44.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T22:06:22.309Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231221-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-25756",
"datePublished": "2023-11-14T19:05:06.822Z",
"dateReserved": "2023-02-17T04:00:04.736Z",
"dateUpdated": "2025-02-13T16:44:38.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28404 (GCVE-0-2023-28404)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-02 12:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-125 - Out-of-bounds read
Summary
Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers |
Version: before version 31.0.101.4255 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) \u0026 Iris(R) Xe Graphics - WHQL - Windows drivers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 31.0.101.4255"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in the Intel(R) Arc(TM) \u0026 Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:24.382Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28404",
"datePublished": "2023-11-14T19:04:24.382Z",
"dateReserved": "2023-03-22T03:00:05.368Z",
"dateUpdated": "2024-08-02T12:38:25.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40540 (GCVE-0-2023-40540)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-30 15:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-1303 - Non-Transparent Sharing of Microarchitectural Resources
Summary
Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC BIOS firmware |
Version: some Intel(R) NUC BIOS firmware |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:15:56.197787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:16:20.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC BIOS firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "some Intel(R) NUC BIOS firmware"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-1303",
"description": "Non-Transparent Sharing of Microarchitectural Resources",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:06.268Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-40540",
"datePublished": "2023-11-14T19:05:06.268Z",
"dateReserved": "2023-08-23T03:00:02.616Z",
"dateUpdated": "2024-08-30T15:16:20.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32204 (GCVE-0-2023-32204)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-14 20:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) OFU software |
Version: before version 14.1.31 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:one_boot_flash_update:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "one_boot_flash_update",
"vendor": "intel",
"versions": [
{
"lessThan": "14.1.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:05:16.575984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T20:08:29.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) OFU software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 14.1.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:00.372Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-32204",
"datePublished": "2023-11-14T19:05:00.372Z",
"dateReserved": "2023-05-05T03:00:03.543Z",
"dateUpdated": "2024-08-14T20:08:29.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24379 (GCVE-0-2022-24379)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-30 15:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server System M70KLP Family BIOS firmware |
Version: before version 01.04.0029 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel_server_system_m70klp_family_bios_firmware:intel_server_system_m70klp_family_bios_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_server_system_m70klp_family_bios_firmware",
"vendor": "intel_server_system_m70klp_family_bios_firmware",
"versions": [
{
"lessThan": "01.04.0029",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:51:57.068598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:55:43.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server System M70KLP Family BIOS firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 01.04.0029"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:10.089Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-24379",
"datePublished": "2023-11-14T19:05:10.089Z",
"dateReserved": "2022-02-03T23:50:43.378Z",
"dateUpdated": "2024-08-30T15:55:43.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29161 (GCVE-0-2023-29161)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-30 15:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) OFU software |
Version: before version 14.1.31 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:24:55.559469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:25:17.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) OFU software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 14.1.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:01.481Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-29161",
"datePublished": "2023-11-14T19:05:01.481Z",
"dateReserved": "2023-05-05T03:00:03.730Z",
"dateUpdated": "2024-08-30T15:25:17.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29510 (GCVE-0-2022-29510)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-03 06:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-92 - Improper buffer restrictions
Summary
Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board M10JNP2SB BIOS firmware |
Version: before version 7.219 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board M10JNP2SB BIOS firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 7.219"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-92",
"description": "Improper buffer restrictions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:10.662Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-29510",
"datePublished": "2023-11-14T19:05:10.662Z",
"dateReserved": "2022-04-20T00:10:11.690Z",
"dateUpdated": "2024-08-03T06:26:06.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46647 (GCVE-0-2022-46647)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-532 - Insertion of sensitive information into log file
Summary
Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:37.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:59:14.124552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:06:42.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-532",
"description": "Insertion of sensitive information into log file",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:35.648Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-46647",
"datePublished": "2023-11-14T19:04:35.648Z",
"dateReserved": "2022-12-06T04:00:03.907Z",
"dateUpdated": "2024-08-30T16:06:42.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46748 (GCVE-0-2021-46748)
Vulnerability from cvelistv5
Published
2023-11-14 18:50
Modified
2025-02-13 16:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Radeon™ RX 5000/6000/7000 Series Graphics Cards |
Version: various |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: Adrenalin Edition 23.7.1",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: PRO Edition 23.Q3",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T18:55:08.336Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"source": {
"advisory": "AMD-SB-6003",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2021-46748",
"datePublished": "2023-11-14T18:50:52.470Z",
"dateReserved": "2022-03-31T16:50:27.865Z",
"dateUpdated": "2025-02-13T16:28:47.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32278 (GCVE-0-2023-32278)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-249 - Path transversal
Summary
Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software |
Version: before version 1.0.1.7 for Intel(R) NUC Software Studio |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nuc_uniwill_service_driver_for_intel_nuc_m15_laptop_kits_laprc510_and_laprc710_uniwill_service_driver_installation_software:nuc_uniwill_service_driver_for_intel_nuc_m15_laptop_kits_laprc510_and_laprc710_uniwill_service_driver_installation_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nuc_uniwill_service_driver_for_intel_nuc_m15_laptop_kits_laprc510_and_laprc710_uniwill_service_driver_installation_software",
"vendor": "nuc_uniwill_service_driver_for_intel_nuc_m15_laptop_kits_laprc510_and_laprc710_uniwill_service_driver_installation_software",
"versions": [
{
"lessThan": "1.0.1.7_for_intel_nuc_software_studio",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T16:00:11.363044Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:10:07.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 \u0026 LAPRC710 Uniwill Service Driver installation software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.0.1.7 for Intel(R) NUC Software Studio"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 \u0026 LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-249",
"description": "Path transversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:49.530Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-32278",
"datePublished": "2023-11-14T19:04:49.530Z",
"dateReserved": "2023-05-23T03:00:05.429Z",
"dateUpdated": "2024-08-30T16:10:07.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26589 (GCVE-0-2023-26589)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 15:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-416 - Use after free
Summary
Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allowed an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Aptio* V UEFI Firmware Integrator Tools |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:01:26.173202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:22:29.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Aptio* V UEFI Firmware Integrator Tools",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allowed an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:51.170Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-26589",
"datePublished": "2023-11-14T19:04:51.170Z",
"dateReserved": "2023-03-29T03:00:02.560Z",
"dateUpdated": "2024-08-30T15:22:29.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27229 (GCVE-0-2022-27229)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 18:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-249 - Path transversal
Summary
Path transversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software |
Version: before version 1.79.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:32.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:nuc_hdmi_firmware_update_tool:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nuc_hdmi_firmware_update_tool",
"vendor": "intel",
"versions": [
{
"lessThan": "1.79.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:nuc_kit_nuc7i3dnhe:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nuc_kit_nuc7i3dnhe",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:nuc_kit_nuc7i3dnke:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nuc_kit_nuc7i3dnke",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:nuc_kit_nuc7i5dnhe:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "nuc_kit_nuc7i5dnhe",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:nuc_kit_nuc7i5dnke:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nuc_kit_nuc7i5dnke",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:nuc_kit_nuc7i7dnhe:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nuc_kit_nuc7i7dnhe",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:nuc_kit_nuc7i7dnke:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nuc_kit_nuc7i7dnke",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:17:34.273725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T18:25:32.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.79.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path transversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-249",
"description": "Path transversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:44.747Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-27229",
"datePublished": "2023-11-14T19:04:44.747Z",
"dateReserved": "2022-03-21T23:31:41.440Z",
"dateUpdated": "2024-08-30T18:25:32.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36860 (GCVE-0-2023-36860)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:56:22.404904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:56:34.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:26.033Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-36860",
"datePublished": "2023-11-14T19:04:26.033Z",
"dateReserved": "2023-08-01T18:07:23.301Z",
"dateUpdated": "2024-08-30T17:56:34.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33898 (GCVE-0-2022-33898)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC Watchdog Timer installation software |
Version: before version 2.0.21.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.736Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-33898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:03:59.050135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:05:22.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC Watchdog Timer installation software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.0.21.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-277",
"description": "Insecure inherited permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:44.189Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-33898",
"datePublished": "2023-11-14T19:04:44.189Z",
"dateReserved": "2022-06-19T03:00:05.161Z",
"dateUpdated": "2024-08-30T17:05:22.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32283 (GCVE-0-2023-32283)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 15:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-532 - Insertion of sensitive information into log file
Summary
Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) On Demand software |
Version: before versions 1.16.2, 2.1.1, 3.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00914.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00914.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:01:16.331120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:23:10.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) On Demand software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before versions 1.16.2, 2.1.1, 3.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-532",
"description": "Insertion of sensitive information into log file",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:40.842Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00914.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00914.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-32283",
"datePublished": "2023-11-14T19:04:40.842Z",
"dateReserved": "2023-05-06T03:00:04.384Z",
"dateUpdated": "2024-08-30T15:23:10.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28740 (GCVE-0-2023-28740)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-10-15 17:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) QAT drivers for Windows - HW Version 2.0 |
Version: before version 2.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:37.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:qat_drivers:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qat_drivers",
"vendor": "intel",
"versions": [
{
"lessThan": "2.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:26.768411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:51:10.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) QAT drivers for Windows - HW Version 2.0",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:13.791Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28740",
"datePublished": "2023-11-14T19:05:13.791Z",
"dateReserved": "2023-04-13T03:00:03.841Z",
"dateUpdated": "2024-10-15T17:51:10.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41700 (GCVE-0-2022-41700)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-14 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC Pro Software Suite installation software |
Version: before version 2.0.0.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:nuc_pro_software_suite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nuc_pro_software_suite",
"vendor": "intel",
"versions": [
{
"lessThan": "2.0.0.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:06:19.031987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-277",
"description": "CWE-277 Insecure Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T20:42:27.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC Pro Software Suite installation software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.0.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-277",
"description": "Insecure inherited permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:45.324Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-41700",
"datePublished": "2023-11-14T19:04:45.324Z",
"dateReserved": "2022-09-29T03:00:04.854Z",
"dateUpdated": "2024-08-14T20:42:27.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22329 (GCVE-0-2023-22329)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2025-02-13 16:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via adjacent access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Processors |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231221-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T22:06:23.807Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00924.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231221-0008/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22329",
"datePublished": "2023-11-14T19:05:07.366Z",
"dateReserved": "2023-02-17T04:00:04.823Z",
"dateUpdated": "2025-02-13T16:43:50.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27513 (GCVE-0-2023-27513)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2025-06-11 14:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Information Retrieval Utility software |
Version: before version 16.0.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:36.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00894.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00894.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-04T16:08:29.131296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T14:21:54.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Information Retrieval Utility software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 16.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:11.201Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00894.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00894.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-27513",
"datePublished": "2023-11-14T19:05:11.201Z",
"dateReserved": "2023-04-13T03:00:03.826Z",
"dateUpdated": "2025-06-11T14:21:54.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28397 (GCVE-0-2023-28397)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 18:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated to potentially enable escalation of privileges via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Aptio* V UEFI Firmware Integrator Tools |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:aptio_v_uefi_firmware_integrator_tools:5.27.03.0003:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aptio_v_uefi_firmware_integrator_tools",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "5.27.03.0003"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:aptio_v_uefi_firmware_integrator_tools:5.27.06.0017:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aptio_v_uefi_firmware_integrator_tools",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "5.27.06.0017"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:26:09.454583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T18:27:31.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Aptio* V UEFI Firmware Integrator Tools",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated to potentially enable escalation of privileges via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:42.517Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28397",
"datePublished": "2023-11-14T19:04:42.517Z",
"dateReserved": "2023-04-07T03:00:04.517Z",
"dateUpdated": "2024-08-30T18:27:31.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29504 (GCVE-0-2023-29504)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-30 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) RealSense(TM) Dynamic Calibration software |
Version: before version 2.13.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00871.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00871.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:12:29.217774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:13:18.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) RealSense(TM) Dynamic Calibration software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.13.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:11.749Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00871.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00871.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-29504",
"datePublished": "2023-11-14T19:05:11.749Z",
"dateReserved": "2023-04-13T03:00:03.801Z",
"dateUpdated": "2024-08-30T15:13:18.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38411 (GCVE-0-2023-38411)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-30 15:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Smart Campus android application |
Version: before version 9.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00863.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00863.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:06:07.998918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:09:43.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Smart Campus android application",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 9.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:02.227Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00863.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00863.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-38411",
"datePublished": "2023-11-14T19:05:02.227Z",
"dateReserved": "2023-08-02T03:00:04.706Z",
"dateUpdated": "2024-08-30T15:09:43.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43666 (GCVE-0-2022-43666)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-1258 - Exposure of sensitive system information due to uncleared debug information
Summary
Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43666",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:58:46.279875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:07:53.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-1258",
"description": "Exposure of sensitive system information due to uncleared debug information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:33.917Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-43666",
"datePublished": "2023-11-14T19:04:33.917Z",
"dateReserved": "2022-12-06T04:00:03.832Z",
"dateUpdated": "2024-08-30T16:07:53.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22327 (GCVE-0-2023-22327)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-10-15 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-787 - Out-of-bounds write
Summary
Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) FPGA products |
Version: before version 2.8.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00957.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00957.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:soc_fpga_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "soc_fpga_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.8.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:28.209447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:53:51.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) FPGA products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-787",
"description": "Out-of-bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:53.449Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00957.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00957.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22327",
"datePublished": "2023-11-14T19:04:53.449Z",
"dateReserved": "2023-06-17T03:00:02.874Z",
"dateUpdated": "2024-10-15T17:53:51.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39221 (GCVE-0-2023-39221)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 18:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:27:48.713609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T18:28:03.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:30.584Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-39221",
"datePublished": "2023-11-14T19:04:30.584Z",
"dateReserved": "2023-08-01T18:07:23.295Z",
"dateUpdated": "2024-08-30T18:28:03.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39412 (GCVE-0-2023-39412)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-352 - Cross-site request forgery
Summary
Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:46:45.112774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:46:56.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-352",
"description": "Cross-site request forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:31.117Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-39412",
"datePublished": "2023-11-14T19:04:31.117Z",
"dateReserved": "2023-08-02T03:00:04.684Z",
"dateUpdated": "2024-08-30T17:46:56.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22313 (GCVE-0-2023-22313)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-02 10:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-92 - Improper buffer restrictions
Summary
Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) QAT Library software |
Version: before version 22.07.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) QAT Library software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 22.07.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-92",
"description": "Improper buffer restrictions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:14.351Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22313",
"datePublished": "2023-11-14T19:05:14.351Z",
"dateReserved": "2023-04-07T03:00:04.523Z",
"dateUpdated": "2024-08-02T10:07:06.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39411 (GCVE-0-2023-39411)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validationation
Summary
Improper input validationation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:56:27.118713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:08:40.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validationation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validationation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:32.781Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-39411",
"datePublished": "2023-11-14T19:04:32.781Z",
"dateReserved": "2023-08-01T18:07:23.307Z",
"dateUpdated": "2024-08-30T16:08:40.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20567 (GCVE-0-2023-20567)
Vulnerability from cvelistv5
Published
2023-11-14 18:51
Modified
2025-02-13 16:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Radeon™ RX 5000/6000/7000 Series Graphics Cards |
Version: various |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: Adrenalin Edition 23.7.1",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: PRO Edition 23.Q3",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T18:55:22.270Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"source": {
"advisory": "AMD-SB-6003",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20567",
"datePublished": "2023-11-14T18:51:25.340Z",
"dateReserved": "2022-10-27T18:53:39.753Z",
"dateUpdated": "2025-02-13T16:39:47.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38131 (GCVE-0-2023-38131)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validationation
Summary
Improper input validationation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:49:01.123148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:49:14.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validationation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validationation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:28.900Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-38131",
"datePublished": "2023-11-14T19:04:28.900Z",
"dateReserved": "2023-08-01T18:07:23.320Z",
"dateUpdated": "2024-08-30T17:49:14.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27306 (GCVE-0-2023-27306)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-02 12:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-665 - Improper Initialization
Summary
Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Optane(TM) SSD products |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:42.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Optane(TM) SSD products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-665",
"description": "Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:56.952Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-27306",
"datePublished": "2023-11-14T19:04:56.952Z",
"dateReserved": "2023-03-08T04:00:03.697Z",
"dateUpdated": "2024-08-02T12:09:42.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46299 (GCVE-0-2022-46299)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-691 - Insufficient control flow management
Summary
Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:59:07.038174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:07:11.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-691",
"description": "Insufficient control flow management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:35.061Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-46299",
"datePublished": "2023-11-14T19:04:35.061Z",
"dateReserved": "2022-12-06T04:00:03.845Z",
"dateUpdated": "2024-08-30T16:07:11.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24587 (GCVE-0-2023-24587)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-10-11 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-691 - Insufficient control flow management
Summary
Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Optane(TM) SSD products |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:03:18.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:49.878192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:07:34.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Optane(TM) SSD products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-691",
"description": "Insufficient control flow management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:55.135Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-24587",
"datePublished": "2023-11-14T19:04:55.135Z",
"dateReserved": "2023-03-08T04:00:03.672Z",
"dateUpdated": "2024-10-11T18:07:34.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33872 (GCVE-0-2023-33872)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 15:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-284 - Improper access control
Summary
Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Support android application |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:13.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00976.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00976.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:28:05.771379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:28:12.017Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Support android application",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:58.058Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00976.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00976.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-33872",
"datePublished": "2023-11-14T19:04:58.058Z",
"dateReserved": "2023-06-17T03:00:02.935Z",
"dateUpdated": "2024-08-30T15:28:12.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33945 (GCVE-0-2022-33945)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-14 20:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server board and Intel(R) Server System BIOS firmware |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:15.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:server_m20ntp_family:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "server_m20ntp_family",
"vendor": "intel",
"versions": [
{
"lessThan": "0022.D02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:server_system_m70klp_family:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "server_system_m70klp_family",
"vendor": "intel",
"versions": [
{
"lessThan": "01.04.0029",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:server_board_m10jnp2sb_family:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "server_board_m10jnp2sb_family",
"vendor": "intel",
"versions": [
{
"lessThan": "7.219",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:server_board_s2600bp_family:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "server_board_s2600bp_family",
"vendor": "intel",
"versions": [
{
"lessThan": "02.01.0015",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-33945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:04:34.157408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T20:01:25.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server board and Intel(R) Server System BIOS firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:08.859Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-33945",
"datePublished": "2023-11-14T19:05:08.859Z",
"dateReserved": "2022-06-18T03:00:05.784Z",
"dateUpdated": "2024-08-14T20:01:25.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25952 (GCVE-0-2023-25952)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-02 11:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-787 - Out-of-bounds write
Summary
Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Arc(TM) Control software |
Version: before version 1.73.5335.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) Control software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.73.5335.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-787",
"description": "Out-of-bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:33.466Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-25952",
"datePublished": "2023-11-14T19:04:22.210Z",
"dateReserved": "2023-03-08T04:00:03.712Z",
"dateUpdated": "2024-08-02T11:39:06.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43477 (GCVE-0-2022-43477)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-459 - Incomplete cleanup
Summary
Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:58:56.837961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:07:28.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-459",
"description": "Incomplete cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:34.472Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-43477",
"datePublished": "2023-11-14T19:04:34.472Z",
"dateReserved": "2022-11-10T04:00:03.696Z",
"dateUpdated": "2024-08-30T16:07:28.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46298 (GCVE-0-2022-46298)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-459 - Incomplete cleanup
Summary
Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:43:03.052610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:43:19.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-459",
"description": "Incomplete cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:38.455Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-46298",
"datePublished": "2023-11-14T19:04:38.455Z",
"dateReserved": "2022-12-06T04:00:03.814Z",
"dateUpdated": "2024-08-30T17:43:19.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32641 (GCVE-0-2023-32641)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 15:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege, denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) QAT |
Version: before version QAT20.L.1.0.40-00004 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:03:47.434106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:16:47.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) QAT",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version QAT20.L.1.0.40-00004"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege, denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:54.038Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-32641",
"datePublished": "2023-11-14T19:04:54.038Z",
"dateReserved": "2023-06-06T03:00:04.994Z",
"dateUpdated": "2024-08-30T15:16:47.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45469 (GCVE-0-2022-45469)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:03.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:59:23.179688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:06:07.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:36.206Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-45469",
"datePublished": "2023-11-14T19:04:36.206Z",
"dateReserved": "2022-12-06T04:00:03.876Z",
"dateUpdated": "2024-08-30T16:06:07.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36396 (GCVE-0-2022-36396)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-03 10:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Aptio* V UEFI Firmware Integrator Tools |
Version: before version iDmiEdit-Linux-5.27.06.0017 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Aptio* V UEFI Firmware Integrator Tools",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version iDmiEdit-Linux-5.27.06.0017"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:41.979Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-36396",
"datePublished": "2023-11-14T19:04:41.979Z",
"dateReserved": "2022-07-23T03:00:20.093Z",
"dateUpdated": "2024-08-03T10:00:04.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34997 (GCVE-0-2023-34997)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Server Configuration Utility software |
Version: before version 16.0.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00925.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00925.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel_server_configuration_utility_software:intel_server_configuration_utility_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_server_configuration_utility_software",
"vendor": "intel_server_configuration_utility_software",
"versions": [
{
"lessThan": "16.0.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:37:34.933013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:39:08.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Server Configuration Utility software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 16.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-277",
"description": "Insecure inherited permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:40.233Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00925.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00925.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-34997",
"datePublished": "2023-11-14T19:04:40.233Z",
"dateReserved": "2023-06-22T03:00:04.902Z",
"dateUpdated": "2024-08-30T17:39:08.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36374 (GCVE-0-2022-36374)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Aptio* V UEFI Firmware Integrator Tools |
Version: before version iDmi Windows 5.27.03.0003 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel_aptio_v_uefi_firmware_integrator_tools:intel_aptio_v_uefi_firmware_integrator_tools:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_aptio_v_uefi_firmware_integrator_tools",
"vendor": "intel_aptio_v_uefi_firmware_integrator_tools",
"versions": [
{
"lessThan": "before_version_idmi_windows_5.27.03.0003",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:10:45.904789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:13:59.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Aptio* V UEFI Firmware Integrator Tools",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version iDmi Windows 5.27.03.0003"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:43.074Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-36374",
"datePublished": "2023-11-14T19:04:43.074Z",
"dateReserved": "2022-07-23T03:00:17.374Z",
"dateUpdated": "2024-08-30T17:13:59.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41659 (GCVE-0-2022-41659)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-03 12:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-284 - Improper access control
Summary
Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:37.885Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-41659",
"datePublished": "2023-11-14T19:04:37.885Z",
"dateReserved": "2022-11-10T04:00:03.640Z",
"dateUpdated": "2024-08-03T12:49:43.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22305 (GCVE-0-2023-22305)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-14 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-680 - Integer overflow
Summary
Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Aptio* V UEFI Firmware Integrator Tools |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:aptio_v_uefi_firmware_integrator_tools:5.27.03.0003:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aptio_v_uefi_firmware_integrator_tools",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "5.27.03.0003"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:aptio_v_uefi_firmware_integrator_tools:5.27.06.0017:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aptio_v_uefi_firmware_integrator_tools",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "5.27.06.0017"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:05:55.329639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680 Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T20:26:02.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Aptio* V UEFI Firmware Integrator Tools",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-680",
"description": "Integer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:51.733Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22305",
"datePublished": "2023-11-14T19:04:51.733Z",
"dateReserved": "2023-03-29T03:00:02.613Z",
"dateUpdated": "2024-08-14T20:26:02.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40220 (GCVE-0-2023-40220)
Vulnerability from cvelistv5
Published
2023-11-14 19:05
Modified
2024-08-14 20:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-92 - Improper buffer restrictions
Summary
Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC BIOS firmware |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:05:01.544140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T20:02:05.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC BIOS firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-92",
"description": "Improper buffer restrictions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:05:05.694Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-40220",
"datePublished": "2023-11-14T19:05:05.694Z",
"dateReserved": "2023-08-23T03:00:02.607Z",
"dateUpdated": "2024-08-14T20:02:05.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34302 (GCVE-0-2022-34302)
Vulnerability from cvelistv5
Published
2022-08-26 00:00
Modified
2024-08-03 09:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:07:16.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/309662"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:06:27.663446",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot"
},
{
"url": "https://www.kb.cert.org/vuls/id/309662"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34302",
"datePublished": "2022-08-26T00:00:00",
"dateReserved": "2022-06-22T00:00:00",
"dateUpdated": "2024-08-03T09:07:16.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22337 (GCVE-0-2023-22337)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:55:10.311210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:55:25.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:26.578Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22337",
"datePublished": "2023-11-14T19:04:26.578Z",
"dateReserved": "2023-01-07T04:00:03.849Z",
"dateUpdated": "2024-08-30T17:55:25.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22290 (GCVE-0-2023-22290)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-248 - Uncaught exception
Summary
Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:49:56.069259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:50:12.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-248",
"description": "Uncaught exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:28.347Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22290",
"datePublished": "2023-11-14T19:04:28.347Z",
"dateReserved": "2023-01-07T04:00:03.154Z",
"dateUpdated": "2024-08-30T17:50:12.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42879 (GCVE-0-2022-42879)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-395 - NULL pointer dereference
Summary
NULL pointer dereference in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Arc(TM) Control software |
Version: before version 1.73.5335.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:57:33.160691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:57:43.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) Control software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.73.5335.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-395",
"description": "NULL pointer dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:34.203Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-42879",
"datePublished": "2023-11-14T19:04:22.757Z",
"dateReserved": "2022-12-07T04:00:07.253Z",
"dateUpdated": "2024-08-30T17:57:43.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34314 (GCVE-0-2023-34314)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 18:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Simics Simulator software |
Version: before version 1.7.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00943.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00943.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:28:49.966001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T18:29:08.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Simics Simulator software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-277",
"description": "Insecure inherited permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:19.520Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00943.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00943.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-34314",
"datePublished": "2023-11-14T19:04:19.520Z",
"dateReserved": "2023-06-06T03:00:05.076Z",
"dateUpdated": "2024-08-30T18:29:08.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36377 (GCVE-0-2022-36377)
Vulnerability from cvelistv5
Published
2022-11-11 15:49
Modified
2025-02-05 14:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits & Mini PCs |
Version: before version 22.190.0.3 for Windows |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T20:40:33.068945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T14:34:04.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits \u0026 Mini PCs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 22.190.0.3 for Windows"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in some Intel(R) Wireless Adapter Driver installation software for Intel(R) NUC Kits \u0026 Mini PCs before version 22.190.0.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-277",
"description": "Insecure inherited permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:47.733Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-36377",
"datePublished": "2022-11-11T15:49:12.793Z",
"dateReserved": "2022-07-23T03:00:19.782Z",
"dateUpdated": "2025-02-05T14:34:04.206Z",
"requesterUserId": "e1538295-92a9-4bd5-bb63-88a76fc3a35c",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28377 (GCVE-0-2023-28377)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-287 - Improper authentication
Summary
Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC Kit NUC11PH USB firmware installation software |
Version: before version 1.1 for Windows |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel_nuc_kit_nuc11ph_usb_firmware_installation_software:intel_nuc_kit_nuc11ph_usb_firmware_installation_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_nuc_kit_nuc11ph_usb_firmware_installation_software",
"vendor": "intel_nuc_kit_nuc11ph_usb_firmware_installation_software",
"versions": [
{
"lessThan": "before_version_1.1_for_windows",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T16:10:54.774510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:25:56.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC Kit NUC11PH USB firmware installation software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.1 for Windows"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-287",
"description": "Improper authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:48.989Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28377",
"datePublished": "2023-11-14T19:04:48.989Z",
"dateReserved": "2023-06-02T03:00:03.811Z",
"dateUpdated": "2024-08-30T16:25:56.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22663 (GCVE-0-2023-22663)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 18:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-287 - Improper authentication
Summary
Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:28:20.405243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T18:28:32.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-287",
"description": "Improper authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:30.019Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22663",
"datePublished": "2023-11-14T19:04:30.019Z",
"dateReserved": "2023-01-07T04:00:03.440Z",
"dateUpdated": "2024-08-30T18:28:32.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32658 (GCVE-0-2023-32658)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-428 - Unquoted search path
Summary
Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software |
Version: before version 1.79.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel_nuc_kits_nuc7i3dn_nuc7i5dn_nuc7i7dn_hdmi_firmware_update_tool_software:intel_nuc_kits_nuc7i3dn_nuc7i5dn_nuc7i7dn_hdmi_firmware_update_tool_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_nuc_kits_nuc7i3dn_nuc7i5dn_nuc7i7dn_hdmi_firmware_update_tool_software",
"vendor": "intel_nuc_kits_nuc7i3dn_nuc7i5dn_nuc7i7dn_hdmi_firmware_update_tool_software",
"versions": [
{
"lessThan": "1.79.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T16:57:45.630916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:03:01.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.79.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-428",
"description": "Unquoted search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:45.847Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-32658",
"datePublished": "2023-11-14T19:04:45.847Z",
"dateReserved": "2023-06-02T03:00:03.850Z",
"dateUpdated": "2024-08-30T17:03:01.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32660 (GCVE-0-2023-32660)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software |
Version: before version 46 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel_nuc_kit_nuc6i7kyk_thunderbolt_3_frimware_update_tool_installation_software:intel_nuc_kit_nuc6i7kyk_thunderbolt_3_frimware_update_tool_installation_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_nuc_kit_nuc6i7kyk_thunderbolt_3_frimware_update_tool_installation_software",
"vendor": "intel_nuc_kit_nuc6i7kyk_thunderbolt_3_frimware_update_tool_installation_software",
"versions": [
{
"lessThan": "46",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T16:34:01.432773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:36:44.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 46"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:46.955Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-32660",
"datePublished": "2023-11-14T19:04:46.955Z",
"dateReserved": "2023-06-02T03:00:03.911Z",
"dateUpdated": "2024-08-30T16:36:44.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20568 (GCVE-0-2023-20568)
Vulnerability from cvelistv5
Published
2023-11-14 18:51
Modified
2025-02-13 16:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AMD | Radeon™ RX 5000/6000/7000 Series Graphics Cards |
Version: various |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: Adrenalin Edition 23.7.1",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX 5000/6000/7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "AMD Software: PRO Edition 23.Q3",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO W5000/W6000/W7000 Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 RX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"x86"
],
"product": "Radeon\u2122 PRO WX Vega Series Graphics Cards",
"vendor": "AMD",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2023-11-14T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T18:55:23.226Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html"
}
],
"source": {
"advisory": "AMD-SB-6003",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2023-20568",
"datePublished": "2023-11-14T18:51:35.466Z",
"dateReserved": "2022-10-27T18:53:39.754Z",
"dateUpdated": "2025-02-13T16:39:47.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27879 (GCVE-0-2023-27879)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-02 12:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-284 - Improper access control
Summary
Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Optane(TM) SSD products |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Optane(TM) SSD products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:56.352Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-27879",
"datePublished": "2023-11-14T19:04:56.352Z",
"dateReserved": "2023-03-08T04:00:03.732Z",
"dateUpdated": "2024-08-02T12:23:30.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25949 (GCVE-0-2023-25949)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 15:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-400 - Uncontrolled resource consumption
Summary
Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Aptio* V UEFI Firmware Integrator Tools |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:01:41.330951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T15:21:08.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Aptio* V UEFI Firmware Integrator Tools",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-400",
"description": "Uncontrolled resource consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:52.332Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-25949",
"datePublished": "2023-11-14T19:04:52.332Z",
"dateReserved": "2023-03-29T03:00:02.485Z",
"dateUpdated": "2024-08-30T15:21:08.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45109 (GCVE-0-2022-45109)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-665 - Improper initialization
Summary
Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-45109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:58:39.288827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:08:16.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-665",
"description": "Improper initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:33.332Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-45109",
"datePublished": "2023-11-14T19:04:33.332Z",
"dateReserved": "2022-11-10T04:00:03.626Z",
"dateUpdated": "2024-08-30T16:08:16.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46646 (GCVE-0-2022-46646)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-200 - Exposure of sensitive information to an unauthorized actor
Summary
Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T15:59:29.554559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T16:03:29.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-200",
"description": "Exposure of sensitive information to an unauthorized actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:36.776Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-46646",
"datePublished": "2023-11-14T19:04:36.776Z",
"dateReserved": "2022-12-06T04:00:03.838Z",
"dateUpdated": "2024-08-30T16:03:29.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38570 (GCVE-0-2023-38570)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-788 - Access of memory location after end of buffer
Summary
Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Unison software |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:46:07.691439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:46:23.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel Unison software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-788",
"description": "Access of memory location after end of buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-14T19:04:31.663Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-38570",
"datePublished": "2023-11-14T19:04:31.663Z",
"dateReserved": "2023-08-01T18:07:23.330Z",
"dateUpdated": "2024-08-30T17:46:23.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…