Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0397
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Bibliothèque Libva iotg-lin-gfx-libva toutes verions
- Bibliothèque Libva versions antérieures à 2.20.0
- Installateur Endurance Gaming Mode versions antérieures à 1.3.937.0
- Intel Advisor versions antérieures à 2024.0
- Intel Agilex 7 FPGA et SoC FPGA versions antérieures à 2.9.0
- Intel Arc & Iris Xe Graphics versions antérieures à 31.0.101.5081
- Intel Arc Control versions antérieures à 1.73.5335.2
- Intel Chipset Device Software versions antérieures à 10.1.19444.8378
- Intel Code Base Investigator (CBI) versions antérieures à 1.1.0
- Intel Computing Improvement Program versions antérieures à 2.4.10654
- Intel Context Sensing Technology (CST) versions antérieures à 2.1.10300
- Intel Data Center GPU Max Series 1100 and 1550 toutes versions
- Intel Distribution pour GDB versions antérieures à 2024.0
- Intel Dynamic Load Balancer versions antérieures à 8.5.0
- Intel Dynamic Tuning Technology (DTT) sans les derniers correctifs de sécurité
- Intel Ethernet Adapter Complete Driver Pack versions antérieures à 28.3
- Intel Ethernet Adapters versions antérieures à 29.0.1
- Intel Ethernet Connections Boot Utility, Preboot Images et EFI Drivers versions antérieures à 28.3
- Intel Extreme Tuning Utility (XTU) versions antérieures à 7.14.0.15
- Intel Graphics Command Center Service embarqué dans le pilote Intel Graphics Windows DCH versions antérieures à 31.0.101.3790 et 31.0.101.2114
- Intel Graphics Performance Analyzers (GPA) Framework versions antérieures à 2023.4.
- Intel Graphics Performance Analyzers (GPA) versions antérieures à 2023.4.
- Intel HPC Toolkit versions antérieures à 2024.0
- Intel Inspector versions antérieures à 2024.0
- Intel Media SDK toutes versions
- Intel Neural Compressor versions antérieures à 2.5.0
- Intel oneAPI Base Toolkit versions antérieures à 2024.0
- Intel oneAPI HPC Toolkit versions antérieures à 2024.0.1.
- Intel oneVPL versions antérieures à 23.3.5
- Intel Performance Counter Monitor (PCM) versions antérieures à 202311
- Intel Power Gadget toutes versions
- Intel Processor Diagnostic Tool versions antérieures à 4.1.9.41
- Intel Processor Identification Utility versions antérieures à 7.1.6
- Intel Processor Identification Utility-Legacy versions antérieures à 6.10.34.1129
- Intel Quartus Prime Lite, Standard et Pro Design versions antérieures à 23.1
- Intel Stratix 10 FPGA et SoC FPGA versions antérieures à 2.9.0
- Intel Trace Analyzer and Collector versions antérieures à 2022.0.0 publiées en novembre 2023
- Intel Trust Domain Extensions (TDX) module versions antérieures à TDX_1.5.05.46.698
- Intel VTune Profiler versions antérieures à 2024.0
- Logiciels Intel PROSet/Wireless WiFi et Bluetooth versions antérieures à 23.20
- Micrologiciel Intel Bios Guard sans les derniers correctifs de sécurité
- Micrologiciel Intel Bios PPAM sans les derniers correctifs de sécurité
- Micrologiciel Intel Ethernet Controller I225 Manageability versions antérieures à NVM 1.87
- Micrologiciel UEFI pour Intel Server Board S2600BP toutes versions
- Micrologiciel UEFI pour Intel Server D50DNP sans les derniers correctifs de sécurité
- Micrologiciel UEFI pour Intel Server M50FCP sans les derniers correctifs de sécurité
- Micrologiciels pour Intel Agilex 7 FPGA et SoC FPGA versions antérieures à 23.3
- Micrologiciels pour Intel Stratix 10 FPGA et SoC FPGA versions antérieures à 23.3
- Pilote Intel Thunderbolt versions antérieures à 89
- Pilote Onboard vidéo versions antérieures à 1.14 pour Intel Server Boards basés sur des puces Intel 62X
- Processeurs Intel Core Ultra, plateforme Meteor Lake sans les derniers correctifs de sécurité
- Programme de désinstallation Intel Driver & Support Assistant (DSA) versions antérieures à 23.4.39.10
Intel a indiqué qu'aucun correctif de sécurité ne sera fourni pour Intel Power Gadget et pour le micrologiciel UEFI pour Intel Server Board S2600BP. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des produits affectés par les vulnérabilité CVE-2023-45733 et CVE-2024-21823 (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eBiblioth\u00e8que Libva iotg-lin-gfx-libva toutes verions\u003c/li\u003e \u003cli\u003eBiblioth\u00e8que Libva versions ant\u00e9rieures \u00e0 2.20.0\u003c/li\u003e \u003cli\u003eInstallateur Endurance Gaming Mode versions ant\u00e9rieures \u00e0 1.3.937.0\u003c/li\u003e \u003cli\u003eIntel Advisor versions ant\u00e9rieures \u00e0 2024.0\u003c/li\u003e \u003cli\u003eIntel Agilex 7 FPGA et SoC FPGA versions ant\u00e9rieures \u00e0 2.9.0\u003c/li\u003e \u003cli\u003eIntel Arc \u0026amp; Iris Xe Graphics versions ant\u00e9rieures \u00e0 31.0.101.5081\u003c/li\u003e \u003cli\u003eIntel Arc Control versions ant\u00e9rieures \u00e0 1.73.5335.2\u003c/li\u003e \u003cli\u003eIntel Chipset Device Software versions ant\u00e9rieures \u00e0 10.1.19444.8378\u003c/li\u003e \u003cli\u003eIntel Code Base Investigator (CBI) versions ant\u00e9rieures \u00e0 1.1.0\u003c/li\u003e \u003cli\u003eIntel Computing Improvement Program versions ant\u00e9rieures \u00e0 2.4.10654\u003c/li\u003e \u003cli\u003eIntel Context Sensing Technology (CST) versions ant\u00e9rieures \u00e0 2.1.10300\u003c/li\u003e \u003cli\u003eIntel Data Center GPU Max Series 1100 and 1550 toutes versions\u003c/li\u003e \u003cli\u003eIntel Distribution pour GDB versions ant\u00e9rieures \u00e0 2024.0\u003c/li\u003e \u003cli\u003eIntel Dynamic Load Balancer versions ant\u00e9rieures \u00e0 8.5.0\u003c/li\u003e \u003cli\u003eIntel Dynamic Tuning Technology (DTT) sans les derniers correctifs de s\u00e9curit\u00e9\u003c/li\u003e \u003cli\u003eIntel Ethernet Adapter Complete Driver Pack versions ant\u00e9rieures \u00e0 28.3\u003c/li\u003e \u003cli\u003eIntel Ethernet Adapters versions ant\u00e9rieures \u00e0 29.0.1\u003c/li\u003e \u003cli\u003eIntel Ethernet Connections Boot Utility, Preboot Images et EFI Drivers versions ant\u00e9rieures \u00e0 28.3\u003c/li\u003e \u003cli\u003eIntel Extreme Tuning Utility (XTU) versions ant\u00e9rieures \u00e0 7.14.0.15\u003c/li\u003e \u003cli\u003eIntel Graphics Command Center Service embarqu\u00e9 dans le pilote Intel Graphics Windows DCH versions ant\u00e9rieures \u00e0 31.0.101.3790 et 31.0.101.2114\u003c/li\u003e \u003cli\u003eIntel Graphics Performance Analyzers (GPA) Framework versions ant\u00e9rieures \u00e0 2023.4.\u003c/li\u003e \u003cli\u003eIntel Graphics Performance Analyzers (GPA) versions ant\u00e9rieures \u00e0 2023.4.\u003c/li\u003e \u003cli\u003eIntel HPC Toolkit versions ant\u00e9rieures \u00e0 2024.0\u003c/li\u003e \u003cli\u003eIntel Inspector versions ant\u00e9rieures \u00e0 2024.0\u003c/li\u003e \u003cli\u003eIntel Media SDK toutes versions\u003c/li\u003e \u003cli\u003eIntel Neural Compressor versions ant\u00e9rieures \u00e0 2.5.0\u003c/li\u003e \u003cli\u003eIntel oneAPI Base Toolkit versions ant\u00e9rieures \u00e0 2024.0\u003c/li\u003e \u003cli\u003eIntel oneAPI HPC Toolkit versions ant\u00e9rieures \u00e0 2024.0.1.\u003c/li\u003e \u003cli\u003eIntel oneVPL versions ant\u00e9rieures \u00e0 23.3.5\u003c/li\u003e \u003cli\u003eIntel Performance Counter Monitor (PCM) versions ant\u00e9rieures \u00e0 202311\u003c/li\u003e \u003cli\u003eIntel Power Gadget toutes versions\u003c/li\u003e \u003cli\u003eIntel Processor Diagnostic Tool versions ant\u00e9rieures \u00e0 4.1.9.41\u003c/li\u003e \u003cli\u003eIntel Processor Identification Utility versions ant\u00e9rieures \u00e0 7.1.6\u003c/li\u003e \u003cli\u003eIntel Processor Identification Utility-Legacy versions ant\u00e9rieures \u00e0 6.10.34.1129\u003c/li\u003e \u003cli\u003eIntel Quartus Prime Lite, Standard et Pro Design versions ant\u00e9rieures \u00e0 23.1\u003c/li\u003e \u003cli\u003eIntel Stratix 10 FPGA et SoC FPGA versions ant\u00e9rieures \u00e0 2.9.0\u003c/li\u003e \u003cli\u003eIntel Trace Analyzer and Collector versions ant\u00e9rieures \u00e0 2022.0.0 publi\u00e9es en novembre 2023\u003c/li\u003e \u003cli\u003eIntel Trust Domain Extensions (TDX) module versions ant\u00e9rieures \u00e0 TDX_1.5.05.46.698\u003c/li\u003e \u003cli\u003eIntel VTune Profiler versions ant\u00e9rieures \u00e0 2024.0\u003c/li\u003e \u003cli\u003eLogiciels Intel PROSet/Wireless WiFi et Bluetooth versions ant\u00e9rieures \u00e0 23.20\u003c/li\u003e \u003cli\u003eMicrologiciel Intel Bios Guard sans les derniers correctifs de s\u00e9curit\u00e9\u003c/li\u003e \u003cli\u003eMicrologiciel Intel Bios PPAM sans les derniers correctifs de s\u00e9curit\u00e9\u003c/li\u003e \u003cli\u003eMicrologiciel Intel Ethernet Controller I225 Manageability versions ant\u00e9rieures \u00e0 NVM 1.87\u003c/li\u003e \u003cli\u003eMicrologiciel UEFI pour Intel Server Board S2600BP toutes versions\u003c/li\u003e \u003cli\u003eMicrologiciel UEFI pour Intel Server D50DNP sans les derniers correctifs de s\u00e9curit\u00e9\u003c/li\u003e \u003cli\u003eMicrologiciel UEFI pour Intel Server M50FCP sans les derniers correctifs de s\u00e9curit\u00e9\u003c/li\u003e \u003cli\u003eMicrologiciels pour Intel Agilex 7 FPGA et SoC FPGA versions ant\u00e9rieures \u00e0 23.3\u003c/li\u003e \u003cli\u003eMicrologiciels pour Intel Stratix 10 FPGA et SoC FPGA versions ant\u00e9rieures \u00e0 23.3\u003c/li\u003e \u003cli\u003ePilote Intel Thunderbolt versions ant\u00e9rieures \u00e0 89\u003c/li\u003e \u003cli\u003ePilote Onboard vid\u00e9o versions ant\u00e9rieures \u00e0 1.14 pour Intel Server Boards bas\u00e9s sur des puces Intel 62X\u003c/li\u003e \u003cli\u003eProcesseurs Intel Core Ultra, plateforme Meteor Lake sans les derniers correctifs de s\u00e9curit\u00e9\u003c/li\u003e \u003cli\u003eProgramme de d\u00e9sinstallation Intel Driver \u0026amp; Support Assistant (DSA) versions ant\u00e9rieures \u00e0 23.4.39.10\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eIntel a indiqu\u00e9 qu\u0027aucun correctif de s\u00e9curit\u00e9 ne sera fourni pour Intel Power Gadget et pour le micrologiciel UEFI pour Intel Server Board S2600BP. Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des produits affect\u00e9s par les vuln\u00e9rabilit\u00e9 CVE-2023-45733 et CVE-2024-21823 (cf. section Documentation).\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22379"
},
{
"name": "CVE-2023-35192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35192"
},
{
"name": "CVE-2024-24971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24971"
},
{
"name": "CVE-2024-21864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21864"
},
{
"name": "CVE-2023-46103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46103"
},
{
"name": "CVE-2023-47859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47859"
},
{
"name": "CVE-2024-21862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21862"
},
{
"name": "CVE-2021-33146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33146"
},
{
"name": "CVE-2023-48368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48368"
},
{
"name": "CVE-2023-46689",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46689"
},
{
"name": "CVE-2023-45845",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45845"
},
{
"name": "CVE-2024-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
},
{
"name": "CVE-2024-21818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21818"
},
{
"name": "CVE-2021-33161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33161"
},
{
"name": "CVE-2023-45846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45846"
},
{
"name": "CVE-2024-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21861"
},
{
"name": "CVE-2021-33157",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33157"
},
{
"name": "CVE-2023-42433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42433"
},
{
"name": "CVE-2021-33162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33162"
},
{
"name": "CVE-2021-33158",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33158"
},
{
"name": "CVE-2023-38581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38581"
},
{
"name": "CVE-2022-37341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37341"
},
{
"name": "CVE-2024-23487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23487"
},
{
"name": "CVE-2023-41082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41082"
},
{
"name": "CVE-2023-43629",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43629"
},
{
"name": "CVE-2024-22382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22382"
},
{
"name": "CVE-2023-43745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43745"
},
{
"name": "CVE-2021-33141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33141"
},
{
"name": "CVE-2023-28383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28383"
},
{
"name": "CVE-2023-45736",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45736"
},
{
"name": "CVE-2024-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21835"
},
{
"name": "CVE-2023-22662",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22662"
},
{
"name": "CVE-2024-21813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21813"
},
{
"name": "CVE-2024-21831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21831"
},
{
"name": "CVE-2023-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41234"
},
{
"name": "CVE-2023-45743",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45743"
},
{
"name": "CVE-2023-39433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39433"
},
{
"name": "CVE-2023-43751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43751"
},
{
"name": "CVE-2023-45315",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45315"
},
{
"name": "CVE-2023-42668",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42668"
},
{
"name": "CVE-2024-21828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21828"
},
{
"name": "CVE-2023-47282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47282"
},
{
"name": "CVE-2023-38417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38417"
},
{
"name": "CVE-2023-40070",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40070"
},
{
"name": "CVE-2023-39929",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39929"
},
{
"name": "CVE-2024-22476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22476"
},
{
"name": "CVE-2023-40155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40155"
},
{
"name": "CVE-2024-21774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21774"
},
{
"name": "CVE-2024-21772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21772"
},
{
"name": "CVE-2024-21814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21814"
},
{
"name": "CVE-2023-45320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45320"
},
{
"name": "CVE-2022-37410",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37410"
},
{
"name": "CVE-2023-29165",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29165"
},
{
"name": "CVE-2023-47169",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47169"
},
{
"name": "CVE-2023-27504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27504"
},
{
"name": "CVE-2023-48727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48727"
},
{
"name": "CVE-2021-33142",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33142"
},
{
"name": "CVE-2023-38420",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38420"
},
{
"name": "CVE-2024-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22015"
},
{
"name": "CVE-2023-45221",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45221"
},
{
"name": "CVE-2023-47855",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47855"
},
{
"name": "CVE-2023-45217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45217"
},
{
"name": "CVE-2024-22390",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22390"
},
{
"name": "CVE-2024-21792",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21792"
},
{
"name": "CVE-2024-21837",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21837"
},
{
"name": "CVE-2023-38654",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38654"
},
{
"name": "CVE-2023-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41092"
},
{
"name": "CVE-2023-27305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27305"
},
{
"name": "CVE-2023-49614",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49614"
},
{
"name": "CVE-2024-22384",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22384"
},
{
"name": "CVE-2023-40536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40536"
},
{
"name": "CVE-2023-42773",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42773"
},
{
"name": "CVE-2023-24460",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24460"
},
{
"name": "CVE-2024-23980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23980"
},
{
"name": "CVE-2023-47165",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47165"
},
{
"name": "CVE-2023-41961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41961"
},
{
"name": "CVE-2023-43487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43487"
},
{
"name": "CVE-2023-22656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22656"
},
{
"name": "CVE-2024-24981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24981"
},
{
"name": "CVE-2024-21777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21777"
},
{
"name": "CVE-2023-45745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45745"
},
{
"name": "CVE-2024-21809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21809"
},
{
"name": "CVE-2023-47210",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47210"
},
{
"name": "CVE-2023-28402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28402"
},
{
"name": "CVE-2024-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21843"
},
{
"name": "CVE-2023-40071",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40071"
},
{
"name": "CVE-2023-25952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25952"
},
{
"name": "CVE-2023-46691",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46691"
},
{
"name": "CVE-2023-45733",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45733"
},
{
"name": "CVE-2024-21841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21841"
},
{
"name": "CVE-2023-43748",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43748"
},
{
"name": "CVE-2024-21788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21788"
},
{
"name": "CVE-2024-22095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22095"
},
{
"name": "CVE-2022-42879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42879"
},
{
"name": "CVE-2021-33145",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33145"
}
],
"initial_release_date": "2024-05-15T00:00:00",
"last_revision_date": "2024-05-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0397",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\n\u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01012 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01012.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01035 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01035.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00983 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00983.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01036 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01037 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01034 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01034.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01067 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01067.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01042 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01042.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00984 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00984.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01032 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01032.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00756 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01020 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01021 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01054 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01054.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01051 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01066 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01066.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01056 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01056.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01039 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01007 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01007.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00814 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01047 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01047.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01052 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01055 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01031 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01031.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00996 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00996.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01013 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01013.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01059 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01059.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00916 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00916.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01080 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01053 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01053.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00935 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00962 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00962.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00965 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00965.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01041 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01041.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00937 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00937.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01084 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01043 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01043.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01109 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01069 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01069.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00831 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01050 du 14 mai 2024",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01050.html"
}
]
}
CVE-2023-45221 (GCVE-0-2023-45221)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 20:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Media SDK |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:49:15.391708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:02.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Media SDK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-119",
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:40.812Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-45221",
"datePublished": "2024-05-16T20:47:40.812Z",
"dateReserved": "2023-11-18T04:00:12.345Z",
"dateUpdated": "2024-08-02T20:14:19.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21777 (GCVE-0-2024-21777)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Quartus(R) Prime Pro Edition Design software |
Version: before version 23.4 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:quartus_prime_pro:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quartus_prime_pro",
"vendor": "intel",
"versions": [
{
"lessThan": "23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:57:04.776286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:59:24.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Quartus(R) Prime Pro Edition Design software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:06.188Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21777",
"datePublished": "2024-05-16T20:47:06.188Z",
"dateReserved": "2024-01-10T04:00:05.782Z",
"dateUpdated": "2024-08-01T22:27:36.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22656 (GCVE-0-2023-22656)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 10:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-125 - Out-of-bounds read
Summary
Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Media SDK and some Intel(R) oneVPL software |
Version: before version 23.3.5 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:media_sdk:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "media_sdk",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:onevpl_gpu_runtime:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "onevpl_gpu_runtime",
"vendor": "intel",
"versions": [
{
"lessThan": "23.3.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:57:28.358305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T19:27:18.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Media SDK and some Intel(R) oneVPL software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.3.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:41.469Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22656",
"datePublished": "2024-05-16T20:47:41.469Z",
"dateReserved": "2023-01-11T04:00:03.391Z",
"dateUpdated": "2024-08-02T10:13:49.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21772 (GCVE-0-2024-21772)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-21 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Advisor software |
Version: before version 2024.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01047.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01047.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:advisor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "advisor",
"vendor": "intel",
"versions": [
{
"lessThan": "2024.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "oneapi_base_toolkit",
"vendor": "intel",
"versions": [
{
"lessThan": "2024.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T14:56:15.912324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:01:22.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Advisor software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2024.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:10.809Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01047.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01047.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21772",
"datePublished": "2024-05-16T20:47:10.809Z",
"dateReserved": "2024-01-02T16:55:54.934Z",
"dateUpdated": "2024-08-21T15:01:22.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45736 (GCVE-0-2023-45736)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Power Gadget software for Windows |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:power_gadget_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_gadget_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:33:13.736889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:00.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:31.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Power Gadget software for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-277",
"description": "Insecure inherited permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:21.713Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-45736",
"datePublished": "2024-05-16T20:47:21.713Z",
"dateReserved": "2023-11-09T04:00:08.101Z",
"dateUpdated": "2024-08-02T20:29:31.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37410 (GCVE-0-2022-37410)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-03 10:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Thunderbolt driver software |
Version: before version 89 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:thunderbolt_dch_driver:-:*:*:*:*:windows:*:*"
],
"defaultStatus": "affected",
"product": "thunderbolt_dch_driver",
"vendor": "intel",
"versions": [
{
"lessThan": "89",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:thunderbolt_non-dch_driver:-:*:*:*:*:windows:*:*"
],
"defaultStatus": "affected",
"product": "thunderbolt_non-dch_driver",
"vendor": "intel",
"versions": [
{
"lessThan": "89",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T20:02:27.747823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:16:10.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00916.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00916.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Thunderbolt driver software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 89"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control for some Intel(R) Thunderbolt driver software before version 89 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:43.732Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00916.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00916.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-37410",
"datePublished": "2024-05-16T20:47:43.732Z",
"dateReserved": "2022-09-29T03:00:05.384Z",
"dateUpdated": "2024-08-03T10:29:20.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41092 (GCVE-0-2023-41092)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-21 17:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-252 - Unchecked return value
Summary
Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs |
Version: before version 23.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01007.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01007.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T17:55:01.406038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T17:55:14.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-252",
"description": "Unchecked return value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:35.955Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01007.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01007.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-41092",
"datePublished": "2024-05-16T20:47:35.955Z",
"dateReserved": "2023-09-07T03:00:03.704Z",
"dateUpdated": "2024-08-21T17:55:14.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46689 (GCVE-0-2023-46689)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 20:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-707 - Improper neutralization
Summary
Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Power Gadget software for macOS |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:power_gadget_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_gadget_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:43:29.626397Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "CWE-707 Improper Neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:18.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Power Gadget software for macOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-707",
"description": "Improper neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:19.349Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-46689",
"datePublished": "2024-05-16T20:47:19.349Z",
"dateReserved": "2023-11-09T04:00:08.283Z",
"dateUpdated": "2024-08-02T20:53:20.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21841 (GCVE-0-2024-21841)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Distribution for GDB software |
Version: before version 2024.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:gdb_software:2024.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gdb_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "2024.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T14:53:43.660943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:34.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01042.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01042.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Distribution for GDB software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2024.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path for some Intel(R) Distribution for GDB software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:12.433Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01042.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01042.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21841",
"datePublished": "2024-05-16T20:47:12.433Z",
"dateReserved": "2024-01-02T16:55:54.846Z",
"dateUpdated": "2024-08-01T22:27:36.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22015 (GCVE-0-2024-22015)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) DLB driver software |
Version: before version 8.5.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:dynamic_load_balancer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dynamic_load_balancer",
"vendor": "intel",
"versions": [
{
"lessThan": "8.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T15:13:11.383126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:00:48.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00996.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00996.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) DLB driver software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 8.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel(R) DLB driver software before version 8.5.0 may allow an authenticated user to potentially denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:36.565Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00996.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00996.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-22015",
"datePublished": "2024-05-16T20:47:36.565Z",
"dateReserved": "2024-01-05T04:00:20.775Z",
"dateUpdated": "2024-08-01T22:35:34.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43748 (GCVE-0-2023-43748)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 19:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) GPA Framework software installers |
Version: before version 2023.3 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:graphics_performance_analyzer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "graphics_performance_analyzer",
"vendor": "intel",
"versions": [
{
"lessThan": "2023.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T18:30:15.305175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T17:45:40.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) GPA Framework software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2023.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) GPA Framework software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:44.843Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-43748",
"datePublished": "2024-05-16T20:47:44.843Z",
"dateReserved": "2023-10-12T03:00:12.462Z",
"dateUpdated": "2024-08-02T19:52:10.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21835 (GCVE-0-2024-21835)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) XTU software |
Version: before version 7.14.0.15 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:extreme_tuning_utility:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "extreme_tuning_utility",
"vendor": "intel",
"versions": [
{
"lessThan": "7.14.0.15",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T16:03:05.830064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:17.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01066.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01066.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) XTU software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 7.14.0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-277",
"description": "Insecure inherited permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:03.441Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01066.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01066.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21835",
"datePublished": "2024-05-16T20:47:03.441Z",
"dateReserved": "2024-01-13T04:00:09.701Z",
"dateUpdated": "2024-08-01T22:27:36.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33146 (GCVE-0-2021-33146)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-03 23:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:ethernet_controller_i225_manageability_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_controller_i225_manageability_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": " nvm_version_1.87",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:ethernet_adapter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_adapter",
"vendor": "intel",
"versions": [
{
"lessThan": "29.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-33146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T16:14:48.694537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:13:36.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:55.627Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2021-33146",
"datePublished": "2024-05-16T20:47:55.627Z",
"dateReserved": "2021-05-18T00:31:17.240Z",
"dateUpdated": "2024-08-03T23:42:19.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23487 (GCVE-0-2024-23487)
Vulnerability from cvelistv5
Published
2024-05-16 20:46
Modified
2024-08-20 15:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper Input Validation
Summary
Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | UEFI firmware for some Intel(R) Server D50DNP Family products |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "server_system_d50tnp2mhsvac_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T17:53:17.075430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T15:02:53.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UEFI firmware for some Intel(R) Server D50DNP Family products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:46:58.874Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-23487",
"datePublished": "2024-05-16T20:46:58.874Z",
"dateReserved": "2024-02-08T04:00:11.968Z",
"dateUpdated": "2024-08-20T15:02:53.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46691 (GCVE-0-2023-46691)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 20:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-416 - Use after free
Summary
Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Power Gadget software for Windows |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:power_gadget_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_gadget_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:49:30.899763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:09.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Power Gadget software for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-416",
"description": "Use after free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:21.139Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-46691",
"datePublished": "2024-05-16T20:47:21.139Z",
"dateReserved": "2023-11-18T04:00:12.351Z",
"dateUpdated": "2024-08-02T20:53:20.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49614 (GCVE-0-2023-49614)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-15 15:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure, escalation of privilege
- CWE-787 - Out-of-bounds Write
Summary
Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) FPGA products |
Version: before version 2.9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01050.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01050.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_006_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_006_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_008_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_008_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_012_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_012_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_019_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_019_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_022_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_022_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_023_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_023_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_019_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_019_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_022_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_022_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_023_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_023_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_027_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_027_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_040_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_040_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_041_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_041_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_014_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_014_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_027_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_027_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_035_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_035_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_m-series_039_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_m-series_039_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:13:59.944510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T15:18:44.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) FPGA products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure, escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:09.618Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01050.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01050.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-49614",
"datePublished": "2024-05-16T20:47:09.618Z",
"dateReserved": "2023-11-28T04:00:14.847Z",
"dateUpdated": "2024-08-15T15:18:44.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42773 (GCVE-0-2023-42773)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 19:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-707 - Improper neutralization
Summary
Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Power Gadget software for Windows |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:power_gadget_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_gadget_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:48:07.552846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "CWE-707 Improper Neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:19.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Power Gadget software for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-707",
"description": "Improper neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:20.527Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-42773",
"datePublished": "2024-05-16T20:47:20.527Z",
"dateReserved": "2023-11-09T04:00:08.039Z",
"dateUpdated": "2024-08-02T19:30:24.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21792 (GCVE-0-2024-21792)
Vulnerability from cvelistv5
Published
2024-05-16 20:46
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-367 - Time-of-check Time-of-use race condition
Summary
Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Neural Compressor software |
Version: before version 2.5.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:neural_compressor_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "neural_compressor_software",
"vendor": "intel",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:49:13.074891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:16.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Neural Compressor software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Time-of-check Time-of-use race condition in Intel(R) Neural Compressor software before version 2.5.0 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-367",
"description": "Time-of-check Time-of-use race condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:46:57.208Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21792",
"datePublished": "2024-05-16T20:46:57.208Z",
"dateReserved": "2024-01-13T04:00:09.712Z",
"dateUpdated": "2024-08-01T22:27:36.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27305 (GCVE-0-2023-27305)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-02 12:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Arc(TM) Control software |
Version: before version 1.73.5335.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) Control software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.73.5335.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:32.645Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-27305",
"datePublished": "2023-11-14T19:04:21.686Z",
"dateReserved": "2023-03-08T04:00:03.633Z",
"dateUpdated": "2024-08-02T12:09:43.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22384 (GCVE-0-2024-22384)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-125 - Out-of-bounds read
Summary
Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Trace Analyzer and Collector software |
Version: before version 2022.0.0 published Nov 2023 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T12:41:00.739733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:52.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00983.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00983.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Trace Analyzer and Collector software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2022.0.0 published Nov 2023"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:37.779Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00983.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00983.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-22384",
"datePublished": "2024-05-16T20:47:37.779Z",
"dateReserved": "2024-01-17T04:00:22.746Z",
"dateUpdated": "2024-08-01T22:43:34.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33158 (GCVE-0-2021-33158)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-03 23:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-86 - Improper neutralization
Summary
Improper neutralization in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-33158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:36:31.414341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:02.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-86",
"description": "Improper neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:53.987Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2021-33158",
"datePublished": "2024-05-16T20:47:53.987Z",
"dateReserved": "2021-05-18T00:31:17.246Z",
"dateUpdated": "2024-08-03T23:42:20.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45733 (GCVE-0-2023-45733)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-1298 - Hardware logic contains race conditions
Summary
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Processors |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T16:02:23.588461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:04.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-1298",
"description": "Hardware logic contains race conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:09.057Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-45733",
"datePublished": "2024-05-16T20:47:09.057Z",
"dateReserved": "2023-11-18T04:00:12.368Z",
"dateUpdated": "2024-08-02T20:29:32.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23980 (GCVE-0-2024-23980)
Vulnerability from cvelistv5
Published
2024-05-16 20:46
Modified
2024-08-20 15:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | UEFI firmware for some Intel(R) Server D50FCP Family products |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "server_system_d50tnp2mhsvac_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:53:01.917628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T15:00:07.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UEFI firmware for some Intel(R) Server D50FCP Family products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-119",
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:46:59.941Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-23980",
"datePublished": "2024-05-16T20:46:59.941Z",
"dateReserved": "2024-03-11T03:00:02.425Z",
"dateUpdated": "2024-08-20T15:00:07.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38654 (GCVE-0-2023-38654)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | some Intel(R) PROSet/Wireless WiFi software for Windows |
Version: before version 23.20 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T12:55:38.544403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:19.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "some Intel(R) PROSet/Wireless WiFi software for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:14.030Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-38654",
"datePublished": "2024-05-16T20:47:14.030Z",
"dateReserved": "2023-10-25T03:00:09.575Z",
"dateUpdated": "2024-08-02T17:46:56.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29165 (GCVE-0-2023-29165)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-02 14:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-428 - Unquoted search path or element
Summary
Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Arc(TM) Control software |
Version: before version 1.73.5335.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) Control software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.73.5335.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-428",
"description": "Unquoted search path or element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:31.843Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-29165",
"datePublished": "2023-11-14T19:04:20.572Z",
"dateReserved": "2023-04-07T03:00:04.456Z",
"dateUpdated": "2024-08-02T14:00:15.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22476 (GCVE-0-2024-22476)
Vulnerability from cvelistv5
Published
2024-05-16 20:46
Modified
2024-08-01 22:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Neural Compressor software |
Version: before version 2.5.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:neural_compressor_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "neural_compressor_software",
"vendor": "intel",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T13:23:41.156623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:38.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:10.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Neural Compressor software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:46:56.635Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-22476",
"datePublished": "2024-05-16T20:46:56.635Z",
"dateReserved": "2024-01-13T04:00:09.670Z",
"dateUpdated": "2024-08-01T22:51:10.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40536 (GCVE-0-2023-40536)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 18:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-421 - Race condition
Summary
Race condition for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) PROSet/Wireless WiFi software for Windows |
Version: before version 23.20 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T12:53:13.065052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:08.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) PROSet/Wireless WiFi software for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-421",
"description": "Race condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:17.497Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-40536",
"datePublished": "2024-05-16T20:47:17.497Z",
"dateReserved": "2023-11-03T03:00:20.855Z",
"dateUpdated": "2024-08-02T18:38:50.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22095 (GCVE-0-2024-22095)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-20 15:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper Input Validation
Summary
Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | UEFI firmware for some Intel(R) Server D50DNP Family products |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "server_system_d50tnp2mhsvac_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T15:59:37.352402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T15:01:37.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UEFI firmware for some Intel(R) Server D50DNP Family products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:00.564Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-22095",
"datePublished": "2024-05-16T20:47:00.564Z",
"dateReserved": "2024-01-24T04:00:22.618Z",
"dateUpdated": "2024-08-20T15:01:37.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28402 (GCVE-0-2023-28402)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-21 16:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) BIOS Guard firmware |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:intel:whiskey_lake:-:*:*:*:*:*:*:*",
"cpe:2.3:h:intel:alder_lake:-:*:*:*:*:*:*:*",
"cpe:2.3:h:intel:tiger_lake:-:*:*:*:*:*:*:*",
"cpe:2.3:h:intel:rocket_lake:-:*:*:*:*:*:*:*",
"cpe:2.3:h:intel:ice_lake:-:*:*:*:*:*:*:*",
"cpe:2.3:h:intel:comet_lake:-:*:*:*:client:*:*:*"
],
"defaultStatus": "unaffected",
"product": "comet_lake",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:22:52.539494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T16:31:36.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) BIOS Guard firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:47.702Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28402",
"datePublished": "2024-05-16T20:47:47.702Z",
"dateReserved": "2023-05-06T03:00:04.296Z",
"dateUpdated": "2024-08-21T16:31:36.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47210 (GCVE-0-2023-47210)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 21:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) PROSet/Wireless WiFi software for linux |
Version: before version 23.20 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:intel:killer_wi-fi_6_ax1650:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "killer_wi-fi_6_ax1650",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:wi-fi_6_ax200:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wi-fi_6_ax200",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:wi-fi_6_ax201:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wi-fi_6_ax201",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:wi-fi_7_be200:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wi-fi_7_be200",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:wireless-ac_9260:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wireless-ac_9260",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:wireless-ac_9560:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wireless-ac_9560",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:wi-fi_7_be202:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wi-fi_7_be202",
"vendor": "intel",
"versions": [
{
"lessThan": "23.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47210",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T15:28:43.567811Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T12:45:41.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) PROSet/Wireless WiFi software for linux",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:15.546Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-47210",
"datePublished": "2024-05-16T20:47:15.546Z",
"dateReserved": "2023-11-03T03:00:20.843Z",
"dateUpdated": "2024-08-02T21:01:22.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21831 (GCVE-0-2024-21831)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Processor Diagnostic Tool software |
Version: before version 4.1.9.41 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:processor_diagnostic_tool:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "processor_diagnostic_tool",
"vendor": "intel",
"versions": [
{
"lessThan": "4.1.9.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21831",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T15:56:09.424585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:00:35.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01069.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01069.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Processor Diagnostic Tool software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 4.1.9.41"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:01.758Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01069.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01069.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21831",
"datePublished": "2024-05-16T20:47:01.758Z",
"dateReserved": "2024-01-10T04:00:05.999Z",
"dateUpdated": "2024-08-01T22:27:36.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33142 (GCVE-0-2021-33142)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-03 23:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-33142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:50:13.687059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:01.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:54.832Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2021-33142",
"datePublished": "2024-05-16T20:47:54.832Z",
"dateReserved": "2021-05-18T00:31:17.239Z",
"dateUpdated": "2024-08-03T23:42:20.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21774 (GCVE-0-2024-21774)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled Search Path Element
Summary
Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Processor Identification Utility software |
Version: before versions 6.10.34.1129, 7.1.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T12:59:51.044764Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:46.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01054.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01054.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Processor Identification Utility software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before versions 6.10.34.1129, 7.1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) Processor Identification Utility software before versions 6.10.34.1129, 7.1.6 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:07.267Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01054.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01054.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21774",
"datePublished": "2024-05-16T20:47:07.267Z",
"dateReserved": "2024-01-02T16:55:54.913Z",
"dateUpdated": "2024-08-01T22:27:36.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21837 (GCVE-0-2024-21837)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Quartus(R) Prime Lite Edition Design software |
Version: before version 23.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:prime_pro_edition_design:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "prime_pro_edition_design",
"vendor": "intel",
"versions": [
{
"lessThan": "23.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:quartus_prime_lite_edition_design_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "quartus_prime_lite_edition_design_software",
"vendor": "intel",
"versions": [
{
"lessThan": "23.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:quartus_prime_standard_edition_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quartus_prime_standard_edition_software",
"vendor": "intel",
"versions": [
{
"lessThan": "23.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:12:07.771041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:39.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Quartus(R) Prime Lite Edition Design software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:05.032Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21837",
"datePublished": "2024-05-16T20:47:05.032Z",
"dateReserved": "2024-01-05T04:00:20.750Z",
"dateUpdated": "2024-08-01T22:27:36.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39433 (GCVE-0-2023-39433)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) CST software |
Version: before version 2.1.10300 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:context_sensing_technology:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "context_sensing_technology",
"vendor": "intel",
"versions": [
{
"lessThan": "2.1.10300",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:20:40.631247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:10.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) CST software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.1.10300"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:30.516Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-39433",
"datePublished": "2024-05-16T20:47:30.516Z",
"dateReserved": "2023-08-23T03:00:02.621Z",
"dateUpdated": "2024-08-02T18:10:20.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21828 (GCVE-0-2024-21828)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-10-25 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Ethernet Controller Administrative Tools software |
Version: before version 28.3 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:intel:ethernet_adapter_complete_driver_pack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_adapter_complete_driver_pack",
"vendor": "intel",
"versions": [
{
"lessThan": "28.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:ethernet_connections_boot_utility_preboot_images_and_efi_drivers:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_connections_boot_utility_preboot_images_and_efi_drivers",
"vendor": "intel",
"versions": [
{
"lessThan": "28.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T15:45:55.740604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T19:09:34.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01056.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01056.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Ethernet Controller Administrative Tools software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 28.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Ethernet Controller Administrative Tools software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:04.497Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01056.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01056.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21828",
"datePublished": "2024-05-16T20:47:04.497Z",
"dateReserved": "2024-01-05T04:00:20.744Z",
"dateUpdated": "2024-10-25T19:09:34.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22390 (GCVE-0-2024-22390)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) FPGA products |
Version: before version 2.9.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_006_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_006_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_008_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_008_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_012_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_012_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_014_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_014_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_019_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_019_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_022_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_022_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_023_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_023_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_f-series_027_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_f-series_027_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_019_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_019_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_022_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_022_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_023_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_023_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_027_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_027_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_035_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_035_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_040_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_040_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_i-series_041_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_i-series_041_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:agilex_7_fpga_m-series_039_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "agilex_7_fpga_m-series_039_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "2.9.0",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:26:10.299202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:26.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01050.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01050.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) FPGA products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:10.231Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01050.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01050.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-22390",
"datePublished": "2024-05-16T20:47:10.231Z",
"dateReserved": "2024-01-10T04:00:05.821Z",
"dateUpdated": "2024-08-01T22:43:34.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43487 (GCVE-0-2023-43487)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 19:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) CST |
Version: before version 2.1.10300 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:35:42.493547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:03.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:42.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) CST",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.1.10300"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:29.912Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-43487",
"datePublished": "2024-05-16T20:47:29.912Z",
"dateReserved": "2023-10-05T03:00:02.456Z",
"dateUpdated": "2024-08-02T19:44:42.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28383 (GCVE-0-2023-28383)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-21 16:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-92 - Improper conditions check
Summary
Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) BIOS PPAM firmware |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:intel:tiger_lake:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tiger_lake",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:alder_lake:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alder_lake",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:comet_lake:-:*:*:*:client:*:*:*"
],
"defaultStatus": "unknown",
"product": "comet_lake",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:rocket_lake:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rocket_lake",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:04:57.284586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T16:24:22.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) BIOS PPAM firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-92",
"description": "Improper conditions check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:48.811Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28383",
"datePublished": "2024-05-16T20:47:48.811Z",
"dateReserved": "2023-05-06T03:00:04.372Z",
"dateUpdated": "2024-08-21T16:24:22.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24981 (GCVE-0-2024-24981)
Vulnerability from cvelistv5
Published
2024-05-16 20:46
Modified
2025-05-14 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper Input Validation
Summary
Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | UEFI firmware for some Intel(R) Server M50FCP Family products |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:intel_server_m50fcp_family:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_server_m50fcp_family",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:intel_server_d50fcp_family:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intel_server_d50fcp_family",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:server_board_s2600bp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "server_board_s2600bp_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T17:33:48.980065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T18:04:05.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UEFI firmware for some Intel(R) Server M50FCP Family products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:46:59.400Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-24981",
"datePublished": "2024-05-16T20:46:59.400Z",
"dateReserved": "2024-02-08T04:00:11.996Z",
"dateUpdated": "2025-05-14T18:04:05.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40071 (GCVE-0-2023-40071)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 18:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) GPA software installers |
Version: before version 2023.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:48:44.921292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:50.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) GPA software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2023.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:45.961Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-40071",
"datePublished": "2024-05-16T20:47:45.961Z",
"dateReserved": "2023-10-12T03:00:12.378Z",
"dateUpdated": "2024-08-02T18:24:55.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21861 (GCVE-0-2024-21861)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled Search Path Element
Summary
Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) GPA Framework software |
Version: before version 2023.4 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:graphics_performance_analyzer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "graphics_performance_analyzer",
"vendor": "intel",
"versions": [
{
"lessThan": "2023.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:27:38.510471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T17:47:36.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01067.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01067.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) GPA Framework software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2023.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:02.350Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01067.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01067.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21861",
"datePublished": "2024-05-16T20:47:02.350Z",
"dateReserved": "2024-01-13T04:00:09.687Z",
"dateUpdated": "2024-08-01T22:27:36.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43629 (GCVE-0-2023-43629)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-09-06 19:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) GPA software installers |
Version: before version 2023.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:graphics_performance_analyzer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "graphics_performance_analyzer",
"vendor": "intel",
"versions": [
{
"lessThanOrEqual": "2023.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T14:17:34.979282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:40:58.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) GPA software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2023.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:45.397Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-43629",
"datePublished": "2024-05-16T20:47:45.397Z",
"dateReserved": "2023-10-12T03:00:12.438Z",
"dateUpdated": "2024-09-06T19:40:58.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41082 (GCVE-0-2023-41082)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-395 - Null pointer dereference
Summary
Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) CST software |
Version: before version 2.1.10300 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:context_sensing_technology:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "context_sensing_technology",
"vendor": "intel",
"versions": [
{
"lessThan": "2.1.10300",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T19:46:02.400022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T20:44:13.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) CST software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.1.10300"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-395",
"description": "Null pointer dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:31.064Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-41082",
"datePublished": "2024-05-16T20:47:31.064Z",
"dateReserved": "2023-08-23T03:00:02.547Z",
"dateUpdated": "2024-08-02T18:46:11.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33161 (GCVE-0-2021-33161)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-03 23:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:ethernet_controller_i225_manageability_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_controller_i225_manageability_firmware",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-33161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:38:20.396531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:02.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:51.901Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2021-33161",
"datePublished": "2024-05-16T20:47:51.901Z",
"dateReserved": "2021-05-18T00:31:17.248Z",
"dateUpdated": "2024-08-03T23:42:19.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47165 (GCVE-0-2023-47165)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-09-03 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-92 - Improper conditions check
Summary
Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Data Center GPU Max Series 1100 and 1550 products |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01041.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01041.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T19:06:47.152213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:15:10.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Data Center GPU Max Series 1100 and 1550 products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-92",
"description": "Improper conditions check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:13.299Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01041.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01041.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-47165",
"datePublished": "2024-05-16T20:47:13.299Z",
"dateReserved": "2023-11-27T04:00:20.195Z",
"dateUpdated": "2024-09-03T18:15:10.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22662 (GCVE-0-2023-22662)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 10:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper Input Validation
Summary
Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | UEFI firmware for some Intel(R) Server Board S2600BP products |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T13:01:19.772911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:50.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:50.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UEFI firmware for some Intel(R) Server Board S2600BP products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:01.139Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22662",
"datePublished": "2024-05-16T20:47:01.139Z",
"dateReserved": "2023-06-09T03:00:03.474Z",
"dateUpdated": "2024-08-02T10:13:50.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21788 (GCVE-0-2024-21788)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-29 20:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled Search Path Element
Summary
Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) GPA software |
Version: before version 2023.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01067.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01067.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:graphics_performance_analyzer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "graphics_performance_analyzer",
"vendor": "intel",
"versions": [
{
"lessThan": "2023.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T14:09:19.815534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:27:13.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) GPA software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2023.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:02.892Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01067.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01067.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21788",
"datePublished": "2024-05-16T20:47:02.892Z",
"dateReserved": "2024-01-13T04:00:09.707Z",
"dateUpdated": "2024-08-29T20:27:13.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47282 (GCVE-0-2023-47282)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 21:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-787 - Out-of-bounds write
Summary
Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) oneVPL software |
Version: before version 23.3.5 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:media_sdk:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "media_sdk",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:onevpl_gpu_runtime:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "onevpl_gpu_runtime",
"vendor": "intel",
"versions": [
{
"lessThan": "23.3.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:52:59.475402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T12:48:00.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:36.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) oneVPL software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.3.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-787",
"description": "Out-of-bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:42.013Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-47282",
"datePublished": "2024-05-16T20:47:42.013Z",
"dateReserved": "2023-11-18T04:00:12.379Z",
"dateUpdated": "2024-08-02T21:09:36.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39929 (GCVE-0-2023-39929)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-09-06 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Libva software maintained by Intel(R) |
Version: before version 2.20.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01012.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01012.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:libva:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libva",
"vendor": "intel",
"versions": [
{
"lessThan": "2.20.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T19:19:51.126524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:47:26.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Libva software maintained by Intel(R)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.20.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:35.322Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01012.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01012.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-39929",
"datePublished": "2024-05-16T20:47:35.322Z",
"dateReserved": "2023-09-14T03:00:04.745Z",
"dateUpdated": "2024-09-06T19:47:26.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45743 (GCVE-0-2023-45743)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) DSA software uninstallers |
Version: before version 23.4.39.10 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:dsa_software_uninstallers:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dsa_software_uninstallers",
"vendor": "intel",
"versions": [
{
"lessThan": "23.4.39.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:39:06.699375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:02.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01031.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) DSA software uninstallers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.4.39.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) DSA software uninstallers before version 23.4.39.10 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:28.695Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01031.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01031.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-45743",
"datePublished": "2024-05-16T20:47:28.695Z",
"dateReserved": "2023-10-12T03:00:12.277Z",
"dateUpdated": "2024-08-02T20:29:32.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47169 (GCVE-0-2023-47169)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 21:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-92 - Improper buffer restrictions
Summary
Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Media SDK software |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:media_sdk:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "media_sdk",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:01:30.883907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:45.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Media SDK software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-92",
"description": "Improper buffer restrictions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:43.178Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-47169",
"datePublished": "2024-05-16T20:47:43.178Z",
"dateReserved": "2023-11-27T04:00:20.139Z",
"dateUpdated": "2024-08-02T21:01:22.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43745 (GCVE-0-2023-43745)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 19:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) CBI software |
Version: before version 1.1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:cbi_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cbi_software",
"vendor": "intel",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T15:19:26.573436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T12:32:32.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01013.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) CBI software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:34.772Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01013.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01013.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-43745",
"datePublished": "2024-05-16T20:47:34.772Z",
"dateReserved": "2023-10-12T03:00:12.420Z",
"dateUpdated": "2024-08-02T19:52:10.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40155 (GCVE-0-2023-40155)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 18:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) CST software |
Version: before version 2.1.10300 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:context_sensing_technology:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "context_sensing_technology",
"vendor": "intel",
"versions": [
{
"lessThan": "2.1.10300",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:51:07.682651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:49.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) CST software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.1.10300"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path for some Intel(R) CST software before version 2.1.10300 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:29.343Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01021.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-40155",
"datePublished": "2024-05-16T20:47:29.343Z",
"dateReserved": "2023-09-22T03:00:11.564Z",
"dateUpdated": "2024-08-02T18:24:55.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33145 (GCVE-0-2021-33145)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-10-25 19:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-248 - Uncaught exception
Summary
Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:ethernet_controller_i225_manageability_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_controller_i225_manageability_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "1.87",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:ethernet_adapter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_adapter",
"vendor": "intel",
"versions": [
{
"lessThan": "29.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-33145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T15:04:13.442782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T19:08:52.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-248",
"description": "Uncaught exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:53.215Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2021-33145",
"datePublished": "2024-05-16T20:47:53.215Z",
"dateReserved": "2021-05-18T00:31:17.240Z",
"dateUpdated": "2024-10-25T19:08:52.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42668 (GCVE-0-2023-42668)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | onboard video driver software for Intel(R) Server Boards based on Intel(R) 62X Chipset |
Version: before version 1.14 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:intel:62x_chipset:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "62x_chipset",
"vendor": "intel",
"versions": [
{
"lessThan": "1.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T18:37:02.465966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T12:32:17.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:23:40.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00962.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00962.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "onboard video driver software for Intel(R) Server Boards based on Intel(R) 62X Chipset",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:38.978Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00962.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00962.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-42668",
"datePublished": "2024-05-16T20:47:38.978Z",
"dateReserved": "2023-09-14T03:00:04.702Z",
"dateUpdated": "2024-08-02T19:23:40.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40070 (GCVE-0-2023-40070)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 18:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Power Gadget software for macOS |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:power_gadget_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_gadget_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T12:49:29.748372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:51.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:54.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Power Gadget software for macOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:18.762Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-40070",
"datePublished": "2024-05-16T20:47:18.762Z",
"dateReserved": "2023-11-09T04:00:08.081Z",
"dateUpdated": "2024-08-02T18:24:54.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21823 (GCVE-0-2024-21823)
Vulnerability from cvelistv5
Published
2024-05-16 20:46
Modified
2024-08-14 20:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-1264 - Hardware Logic with Insecure De-Synchronization between Control and Data Channels
Summary
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T18:02:56.696203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T14:39:32.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-1264",
"description": "Hardware Logic with Insecure De-Synchronization between Control and Data Channels",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T20:45:24.842Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
},
{
"name": "http://www.openwall.com/lists/oss-security/2024/05/15/1",
"url": "http://www.openwall.com/lists/oss-security/2024/05/15/1"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21823",
"datePublished": "2024-05-16T20:46:57.735Z",
"dateReserved": "2024-01-24T04:00:22.601Z",
"dateUpdated": "2024-08-14T20:45:24.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38417 (GCVE-0-2023-38417)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) PROSet/Wireless WiFi software |
Version: before version 23.20 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:45:23.815464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:07.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) PROSet/Wireless WiFi software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:16.918Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-38417",
"datePublished": "2024-05-16T20:47:16.918Z",
"dateReserved": "2023-10-25T03:00:09.616Z",
"dateUpdated": "2024-08-02T17:39:13.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45320 (GCVE-0-2023-45320)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) VTune(TM) Profiler software |
Version: before version 2024.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:vtune_profiler:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vtune_profiler",
"vendor": "intel",
"versions": [
{
"lessThan": "2024.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:56:30.411157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:55.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01034.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01034.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) VTune(TM) Profiler software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2024.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:27.184Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01034.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01034.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-45320",
"datePublished": "2024-05-16T20:47:27.184Z",
"dateReserved": "2023-11-03T03:00:20.874Z",
"dateUpdated": "2024-08-02T20:21:15.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25952 (GCVE-0-2023-25952)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-02 11:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-787 - Out-of-bounds write
Summary
Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Arc(TM) Control software |
Version: before version 1.73.5335.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) Control software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.73.5335.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-787",
"description": "Out-of-bounds write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:33.466Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-25952",
"datePublished": "2023-11-14T19:04:22.210Z",
"dateReserved": "2023-03-08T04:00:03.712Z",
"dateUpdated": "2024-08-02T11:39:06.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45315 (GCVE-0-2023-45315)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-665 - Improper initialization
Summary
Improper initialization in some Intel(R) Power Gadget software for Windwos all versions may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Power Gadget software for Windwos |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:power_gadget_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_gadget_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:51:58.985470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "CWE-707 Improper Neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:08.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Power Gadget software for Windwos",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper initialization in some Intel(R) Power Gadget software for Windwos all versions may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-665",
"description": "Improper initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:22.811Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-45315",
"datePublished": "2024-05-16T20:47:22.811Z",
"dateReserved": "2023-11-03T03:00:20.884Z",
"dateUpdated": "2024-08-02T20:21:15.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38581 (GCVE-0-2023-38581)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Power Gadget software for Windows |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:power_gadget_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_gadget_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:46:58.445931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:00.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Power Gadget software for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:19.915Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-38581",
"datePublished": "2024-05-16T20:47:19.915Z",
"dateReserved": "2023-11-09T04:00:08.179Z",
"dateUpdated": "2024-08-02T17:46:56.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21864 (GCVE-0-2024-21864)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-86 - Improper neutralization
Summary
Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Arc(TM) & Iris(R) Xe Graphics software |
Version: before version 31.0.101.5081 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:iris_xe_graphics:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iris_xe_graphics",
"vendor": "intel",
"versions": [
{
"lessThan": "31.0.101.5081",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:arc_a_graphics:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arc_a_graphics",
"vendor": "intel",
"versions": [
{
"lessThan": "31.0.101.5081",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:09:46.969827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-707",
"description": "CWE-707 Improper Neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:59.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01053.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01053.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) \u0026 Iris(R) Xe Graphics software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 31.0.101.5081"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization in some Intel(R) Arc(TM) \u0026 Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-86",
"description": "Improper neutralization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:07.857Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01053.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01053.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21864",
"datePublished": "2024-05-16T20:47:07.857Z",
"dateReserved": "2024-01-02T16:55:54.852Z",
"dateUpdated": "2024-08-01T22:27:36.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21814 (GCVE-0-2024-21814)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Chipset Device Software |
Version: before version 10.1.19444.8378 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:chipset_device_software:10.1.19444.8378:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "chipset_device_software",
"vendor": "intel",
"versions": [
{
"lessThan": "10.1.19444.8378",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:13:27.724023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:59:42.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01032.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Chipset Device Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 10.1.19444.8378"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path for some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:27.930Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01032.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01032.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21814",
"datePublished": "2024-05-16T20:47:27.930Z",
"dateReserved": "2024-01-02T16:55:54.856Z",
"dateUpdated": "2024-08-01T22:27:36.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45845 (GCVE-0-2023-45845)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-92 - Improper conditions check
Summary
Improper conditions check for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.20 may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Wireless Bluetooth(R) products for Windows |
Version: before version 23.20 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:25:59.498021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:58.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Wireless Bluetooth(R) products for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper conditions check for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.20 may allow a privileged user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-92",
"description": "Improper conditions check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:16.217Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-45845",
"datePublished": "2024-05-16T20:47:16.217Z",
"dateReserved": "2023-11-18T04:00:12.373Z",
"dateUpdated": "2024-08-02T20:29:32.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22379 (GCVE-0-2024-22379)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-21 15:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Inspector software |
Version: before version 2024.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01043.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01043.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:inspector:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "inspector",
"vendor": "intel",
"versions": [
{
"lessThan": "2024.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:hpc_toolkit:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "hpc_toolkit",
"vendor": "intel",
"versions": [
{
"lessThan": "2024.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:01:47.740110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T15:10:41.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Inspector software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2024.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:11.663Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01043.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01043.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-22379",
"datePublished": "2024-05-16T20:47:11.663Z",
"dateReserved": "2024-01-10T04:00:05.801Z",
"dateUpdated": "2024-08-21T15:10:41.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41234 (GCVE-0-2023-41234)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 18:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-476 - NULL pointer dereference
Summary
NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Power Gadget software for Windows |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:power_gadget_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_gadget_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T12:43:20.380324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:21:43.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:04.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Power Gadget software for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-476",
"description": "NULL pointer dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:23.387Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-41234",
"datePublished": "2024-05-16T20:47:23.387Z",
"dateReserved": "2023-11-09T04:00:08.241Z",
"dateUpdated": "2024-08-02T18:54:04.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21843 (GCVE-0-2024-21843)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled Search Path Element
Summary
Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Computing Improvement Program software |
Version: before version 2.4.0.10654 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:computing_improvement_program:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "computing_improvement_program",
"vendor": "intel",
"versions": [
{
"lessThan": "2.4.10654",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:28:04.297141Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:07.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01059.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01059.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Computing Improvement Program software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.4.0.10654"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path for some Intel(R) Computing Improvement Program software before version 2.4.0.10654 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:03.973Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01059.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01059.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21843",
"datePublished": "2024-05-16T20:47:03.973Z",
"dateReserved": "2024-01-02T16:55:54.881Z",
"dateUpdated": "2024-08-01T22:27:36.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48368 (GCVE-0-2023-48368)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 21:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Media SDK software |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:media_sdk:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "media_sdk",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:03:45.436143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:34.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:30:34.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Media SDK software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:40.238Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-48368",
"datePublished": "2024-05-16T20:47:40.238Z",
"dateReserved": "2023-11-18T04:00:12.361Z",
"dateUpdated": "2024-08-02T21:30:34.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43751 (GCVE-0-2023-43751)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 19:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Graphics Windows DCH driver software |
Version: before versions 31.0.101.3790/31.0.101.2114 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:graphics_windows_dch_driver_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "graphics_windows_dch_driver_software",
"vendor": "intel",
"versions": [
{
"lessThan": "31.0.101.3790",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "31.0.101.2114",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:42:03.863598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:25:59.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00937.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00937.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Graphics Windows DCH driver software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before versions 31.0.101.3790/31.0.101.2114"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:39.645Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00937.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00937.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-43751",
"datePublished": "2024-05-16T20:47:39.645Z",
"dateReserved": "2023-10-12T03:00:12.344Z",
"dateUpdated": "2024-08-02T19:52:10.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33141 (GCVE-0-2021-33141)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-03 23:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:intel:ethernet_adapter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_adapter",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:o:intel:ethernet_controller_i225_manageability_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_controller_i225_manageability_firmware",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-33141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:50:42.654243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:03.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:20.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:49.565Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2021-33141",
"datePublished": "2024-05-16T20:47:49.565Z",
"dateReserved": "2021-05-18T00:31:17.238Z",
"dateUpdated": "2024-08-03T23:42:20.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42433 (GCVE-0-2023-42433)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Endurance Gaming Mode software installers |
Version: before version 1.3.937.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:endurance_gaming_mode_software_installers:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "endurance_gaming_mode_software_installers",
"vendor": "intel",
"versions": [
{
"lessThan": "1.3.937.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T18:44:41.163831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T12:31:59.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:51.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00965.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00965.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Endurance Gaming Mode software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.3.937.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some Endurance Gaming Mode software installers before version 1.3.937.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:38.359Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00965.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00965.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-42433",
"datePublished": "2024-05-16T20:47:38.359Z",
"dateReserved": "2023-10-05T03:00:02.434Z",
"dateUpdated": "2024-08-02T19:16:51.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21809 (GCVE-0-2024-21809)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-29 20:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-92 - Improper conditions check
Summary
Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Quartus(R) Prime Lite Edition Design software |
Version: before version 23.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:quartus_prime_lite_edition_design_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "quartus_prime_lite_edition_design_software",
"vendor": "intel",
"versions": [
{
"lessThan": "23.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T20:56:57.580010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:27:20.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Quartus(R) Prime Lite Edition Design software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-92",
"description": "Improper conditions check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:05.564Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21809",
"datePublished": "2024-05-16T20:47:05.564Z",
"dateReserved": "2024-01-05T04:00:20.738Z",
"dateUpdated": "2024-08-29T20:27:20.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47855 (GCVE-0-2023-47855)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2025-02-13 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) TDX module software |
Version: before version 1.5.05.46.698 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0003/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:trust_domain_extensions_module:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "trust_domain_extensions_module",
"vendor": "intel",
"versions": [
{
"lessThan": "1.5.05.46.698",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:16:15.492538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T16:50:21.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) TDX module software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.5.05.46.698"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:08:44.550Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-47855",
"datePublished": "2024-05-16T20:47:25.146Z",
"dateReserved": "2023-11-18T04:00:12.356Z",
"dateUpdated": "2025-02-13T17:18:10.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45217 (GCVE-0-2023-45217)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 20:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Power Gadget software for Windows |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:power_gadget_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_gadget_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:44:59.453589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:01.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Power Gadget software for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:18.116Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-45217",
"datePublished": "2024-05-16T20:47:18.116Z",
"dateReserved": "2023-11-03T03:00:20.832Z",
"dateUpdated": "2024-08-02T20:14:19.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42879 (GCVE-0-2022-42879)
Vulnerability from cvelistv5
Published
2023-11-14 19:04
Modified
2024-08-30 17:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-395 - NULL pointer dereference
Summary
NULL pointer dereference in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Arc(TM) Control software |
Version: before version 1.73.5335.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T17:57:33.160691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:57:43.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Arc(TM) Control software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.73.5335.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-395",
"description": "NULL pointer dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:34.203Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-42879",
"datePublished": "2023-11-14T19:04:22.757Z",
"dateReserved": "2022-12-07T04:00:07.253Z",
"dateUpdated": "2024-08-30T17:57:43.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41961 (GCVE-0-2023-41961)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-21 16:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) GPA software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) GPA software |
Version: before version 2023.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:graphics_performance_analyzers:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "graphics_performance_analyzers",
"vendor": "intel",
"versions": [
{
"lessThan": "2023.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T15:57:48.999011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T16:00:42.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) GPA software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2023.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) GPA software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:46.571Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-41961",
"datePublished": "2024-05-16T20:47:46.571Z",
"dateReserved": "2023-10-12T03:00:12.402Z",
"dateUpdated": "2024-08-21T16:00:42.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37341 (GCVE-0-2022-37341)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-03 10:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:intel:ethernet_network_adapter_xl710-qda1_for_open_compute_project:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_network_adapter_xl710-qda1_for_open_compute_project",
"vendor": "intel",
"versions": [
{
"lessThan": "29.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:ethernet_network_adapter_x710-t4l_for_ocp_3.0:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_network_adapter_x710-t4l_for_ocp_3.0",
"vendor": "intel",
"versions": [
{
"lessThan": "29.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:ethernet_network_adapter_x710-t4l:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_network_adapter_x710-t4l",
"vendor": "intel",
"versions": [
{
"lessThan": "29.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:ethernet_network_adapter_e810-xxvda2_for_ocp_3.0:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_network_adapter_e810-xxvda2_for_ocp_3.0",
"vendor": "intel",
"versions": [
{
"lessThan": "29.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:ethernet_network_adapter_e810-xxvda4:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_network_adapter_e810-xxvda4",
"vendor": "intel",
"versions": [
{
"lessThan": "29.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:ethernet_network_adapter_e810-2cqda2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_network_adapter_e810-2cqda2",
"vendor": "intel",
"versions": [
{
"lessThan": "29.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:ethernet_network_adapter_xl710-qda2_for_open_compute_project:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_network_adapter_xl710-qda2_for_open_compute_project",
"vendor": "intel",
"versions": [
{
"lessThan": "29.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:ethernet_network_adapter_e810-xxvda2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ethernet_network_adapter_e810-xxvda2",
"vendor": "intel",
"versions": [
{
"lessThan": "29.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-37341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T14:06:59.082443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:42:37.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:52.449Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-37341",
"datePublished": "2024-05-16T20:47:52.449Z",
"dateReserved": "2022-08-02T03:00:25.793Z",
"dateUpdated": "2024-08-03T10:29:20.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33157 (GCVE-0-2021-33157)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-03 23:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-691 - Insufficient control flow management
Summary
Insufficient control flow management in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-33157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:35:28.576765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:02.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient control flow management in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-691",
"description": "Insufficient control flow management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:51.150Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2021-33157",
"datePublished": "2024-05-16T20:47:51.150Z",
"dateReserved": "2021-05-18T00:31:17.245Z",
"dateUpdated": "2024-08-03T23:42:19.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35192 (GCVE-0-2023-35192)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 16:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) GPA Framework software |
Version: before version 2023.3 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:graphics_performance_analyzer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "graphics_performance_analyzer",
"vendor": "intel",
"versions": [
{
"lessThan": "2023.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:22:43.257812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T17:45:59.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:23:59.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) GPA Framework software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2023.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:47.123Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-35192",
"datePublished": "2024-05-16T20:47:47.123Z",
"dateReserved": "2023-10-25T03:00:09.579Z",
"dateUpdated": "2024-08-02T16:23:59.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48727 (GCVE-0-2023-48727)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 21:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-395 - NULL pointer dereference
Summary
NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) oneVPL software |
Version: before version 23.3.5 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:media_sdk:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "media_sdk",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:onevpl_gpu_runtime:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "onevpl_gpu_runtime",
"vendor": "intel",
"versions": [
{
"lessThan": "23.3.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:58:56.660519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-395",
"description": "CWE-395 Use of NullPointerException Catch to Detect NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T12:49:03.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) oneVPL software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.3.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-395",
"description": "NULL pointer dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:42.608Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-48727",
"datePublished": "2024-05-16T20:47:42.608Z",
"dateReserved": "2023-11-27T04:00:20.147Z",
"dateUpdated": "2024-08-02T21:37:54.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45846 (GCVE-0-2023-45846)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-459 - Incomplete cleanup
Summary
Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Power Gadget software for macOS |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:power_gadget_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_gadget_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:50:43.150253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "CWE-459 Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:01.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Power Gadget software for macOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incomplete cleanup in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-459",
"description": "Incomplete cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:22.273Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-45846",
"datePublished": "2024-05-16T20:47:22.273Z",
"dateReserved": "2023-11-09T04:00:08.293Z",
"dateUpdated": "2024-08-02T20:29:32.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21818 (GCVE-0-2024-21818)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-07 19:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) PCM software |
Version: before version 202311 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:pcm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pcm",
"vendor": "intel",
"versions": [
{
"lessThan": "202311",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T18:02:56.794220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T19:35:38.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01035.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) PCM software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 202311"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) PCM software before version 202311 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:26.384Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01035.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01035.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21818",
"datePublished": "2024-05-16T20:47:26.384Z",
"dateReserved": "2024-01-02T16:55:54.890Z",
"dateUpdated": "2024-08-07T19:35:38.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46103 (GCVE-0-2023-46103)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 20:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-1281 - Sequence of Processor Instructions Leads to Unexpected Behavior
Summary
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Core(TM) Ultra Processors |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:00:27.957400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:14.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:39.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Core(TM) Ultra Processors",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-1281",
"description": "Sequence of Processor Instructions Leads to Unexpected Behavior",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:08.458Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-46103",
"datePublished": "2024-05-16T20:47:08.458Z",
"dateReserved": "2023-11-03T03:00:20.849Z",
"dateUpdated": "2024-08-02T20:37:39.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27504 (GCVE-0-2023-27504)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 12:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-92 - Improper conditions check
Summary
Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) BIOS Guard firmware |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:intel:kaby_lake:-:*:*:*:client:*:*:*"
],
"defaultStatus": "unknown",
"product": "kaby_lake",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:coffee_lake:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "coffee_lake",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:comet_lake:-:*:*:*:client:*:*:*"
],
"defaultStatus": "unknown",
"product": "comet_lake",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:ice_lake:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ice_lake",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:rocket_lake:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rocket_lake",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:tiger_lake:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tiger_lake",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:amber_lake:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "amber_lake",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:h:intel:alder_lake:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "alder_lake",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:12:27.286694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:56.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:36.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) BIOS Guard firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-92",
"description": "Improper conditions check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:48.296Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-27504",
"datePublished": "2024-05-16T20:47:48.296Z",
"dateReserved": "2023-05-06T03:00:04.358Z",
"dateUpdated": "2024-08-02T12:16:36.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45745 (GCVE-0-2023-45745)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2025-02-13 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) TDX module software |
Version: before version 1.5.05.46.698 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:tdx_module_software:1.5.05.46.698:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tdx_module_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "1.5.05.46.698"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:36:31.062876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:20:08.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:31.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) TDX module software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 1.5.05.46.698"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:08:46.164Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-45745",
"datePublished": "2024-05-16T20:47:24.558Z",
"dateReserved": "2023-11-27T04:00:20.170Z",
"dateUpdated": "2025-02-13T17:14:09.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33162 (GCVE-0-2021-33162)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-03 23:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-33162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:47:08.316580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:01.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:50.397Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00756.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2021-33162",
"datePublished": "2024-05-16T20:47:50.397Z",
"dateReserved": "2021-05-18T00:31:17.249Z",
"dateUpdated": "2024-08-03T23:42:19.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47859 (GCVE-0-2023-47859)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 21:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-284 - Improper access control
Summary
Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Wireless Bluetooth products for Windows |
Version: before version 23.20 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:26:51.669897Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:26:39.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:16:43.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Wireless Bluetooth products for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:14.806Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-47859",
"datePublished": "2024-05-16T20:47:14.806Z",
"dateReserved": "2023-11-18T04:00:12.395Z",
"dateUpdated": "2024-08-02T21:16:43.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21862 (GCVE-0-2024-21862)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-20 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Quartus(R) Prime Standard Edition Design software |
Version: before version 23.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:quartus_prime_standard_edition_design_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "quartus_prime_standard_edition_design_software",
"vendor": "intel",
"versions": [
{
"lessThan": "23.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T15:30:15.933633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T15:40:46.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Quartus(R) Prime Standard Edition Design software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 23.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:06.726Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01055.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21862",
"datePublished": "2024-05-16T20:47:06.726Z",
"dateReserved": "2024-01-10T04:00:05.884Z",
"dateUpdated": "2024-08-20T15:40:46.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24460 (GCVE-0-2023-24460)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 10:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) GPA software installers |
Version: before version 2023.3 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:graphics_performance_analyzer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "graphics_performance_analyzer",
"vendor": "intel",
"versions": [
{
"lessThan": "2023.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T16:55:01.064323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T17:46:36.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) GPA software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2023.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:44.292Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-24460",
"datePublished": "2024-05-16T20:47:44.292Z",
"dateReserved": "2023-03-02T04:00:03.057Z",
"dateUpdated": "2024-08-02T10:56:04.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38420 (GCVE-0-2023-38420)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-02 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Power Gadget software for macOS |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:power_gadget_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "power_gadget_software",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38420",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T15:54:21.578374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:10.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Power Gadget software for macOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-754",
"description": "Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:23.953Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-38420",
"datePublished": "2024-05-16T20:47:23.953Z",
"dateReserved": "2023-11-09T04:00:08.143Z",
"dateUpdated": "2024-08-02T17:39:13.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21813 (GCVE-0-2024-21813)
Vulnerability from cvelistv5
Published
2024-05-16 20:47
Modified
2024-08-01 22:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-668 - Exposure of resource to wrong sphere
Summary
Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) DTT software installers |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:dtt_software:8.x:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dtt_software",
"vendor": "intel",
"versions": [
{
"lessThan": " 8.7.10802.26924_V2",
"status": "affected",
"version": "8.x",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:intel:dtt_software:9.x:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dtt_software",
"vendor": "intel",
"versions": [
{
"lessThan": "9.0.11400.36441",
"status": "affected",
"version": "9.x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:27:49.746946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:02.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00984.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00984.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) DTT software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-668",
"description": "Exposure of resource to wrong sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:47:37.177Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00984.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00984.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-21813",
"datePublished": "2024-05-16T20:47:37.177Z",
"dateReserved": "2024-01-13T04:00:09.696Z",
"dateUpdated": "2024-08-01T22:27:36.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22382 (GCVE-0-2024-22382)
Vulnerability from cvelistv5
Published
2024-05-16 20:46
Modified
2024-08-20 15:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-20 - Improper Input Validation
Summary
Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "server_system_d50tnp2mhsvac_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T13:02:06.562888Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T15:03:50.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T20:46:58.276Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01080.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-22382",
"datePublished": "2024-05-16T20:46:58.276Z",
"dateReserved": "2024-01-24T04:00:22.628Z",
"dateUpdated": "2024-08-20T15:03:50.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…