CERTFR-2024-AVI-0679
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Intel products. Some of them allow an attacker to cause privilege escalation, remote denial of service, and a breach of data confidentiality.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
Vendor | Product | Description
---|---|---
Intel | N/A | Intel ISH software for 11th Generation Intel Core Processor Family versions earlier than 5.4.1.4479
Intel | N/A | Intel ISH software for Intel NUC M15 Laptop Kits LAPBC710 and LAPBC510 versions earlier than 5.4.1.4479
Intel | N/A | Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgLnx software versions earlier than 5.05.04.0008
Intel | N/A | Intel Advisor software versions earlier than 2024.1
Intel | N/A | LAPAC71G and LAPAC71H versions earlier than 0065
Intel | N/A | Intel Trace Analyzer and Collector versions earlier than 2022.1
Intel | N/A | Intel oneAPI Base Toolkits versions earlier than 2024.1
Intel | N/A | Intel(R) Ethernet Controllers E800 Series with NVM image versions 4.4
Intel | N/A | Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEditLnx software versions earlier than 5.27.06.0019
Intel | N/A | Intel Quartus Prime Pro Edition Design software versions earlier than 23.4
Intel | N/A | Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEdit-Win software versions earlier than 5.27.03.0006
Intel | N/A | Intel Distribution for Python for Windows versions earlier than 2024.1
Intel | N/A | Intel MPI Library versions earlier than 2021.12
Intel | N/A | Intel MAS (GUI) versions earlier than 2.5.0
Intel | N/A | Intel Simics Package Manager software versions earlier than 1.8.3.
Intel | N/A | Intel Fortran Compiler versions earlier than 2024.1
Intel | N/A | Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgWin software versions earlier than 5.05.04.0008
Intel | N/A | Intel Agilex FPGA 7 FPGA firmware versions earlier than 24.1
Intel | N/A | Intel NUC X15 Laptop
Intel | N/A | LAPKC51E, LAPKC71E, LAPKC71F versions earlier than 0048
Intel | N/A | Intel High Level Synthesis Compiler software versions earlier than 23.4
Intel | N/A | Intel FPGA SDK for OpenCL software technology, all versions
Intel | N/A | Intel NUC M15 Laptop Kits: LAPRC710, LAPRC510
Intel | N/A | Intel IPP Cryptography software versions earlier than 2021.11
Intel | N/A | Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVLnx software versions earlier than 5.13.00.2106
Intel | N/A | Intel VTune Profiler software versions earlier than 2024.1
Intel | N/A | Intel Ethernet Adapter Complete Driver Pack software versions earlier than 28.3
Intel | N/A | Intel HID Event Filter software versions earlier than 2.2.2.1
Intel | N/A | Intel Connectivity Performance Suite software versions earlier than 2.0
Intel | N/A | Intel NUC X15 Laptop Kits: LAPAC71G, LAPAC71H, LAPKC71F, LAPKC71E, LAPKC51E.
Intel | N/A | Intel CIP software versions earlier than 2.4.10717
Intel | N/A | Intel oneAPI Base Toolkit versions earlier than 2024.1
Intel | N/A | Intel oneAPI HPC Toolkit versions earlier than 2024.1.0.
Intel | N/A | Intel(R) Ethernet Controllers E800 Series with versions earlier than NIC1.3 PV, NVM with image versions earlier than 3.36 and Intel(R) Ethernet Complete Driver Pack 28.3.
Intel | N/A | Intel oneAPI DPC++/C++ Compiler versions earlier than 2024.1.
Intel | N/A | Flexlm License Daemons for Intel FPGA Software version v11.19.5.0
Intel | N/A | Intel Quartus Prime Pro Edition Design Software versions earlier than 24.1
Intel | N/A | Intel ISH software for 12th Generation Intel Core Processor Family versions earlier than 5.4.2.4594
Intel | N/A | Intel NUC M15 Laptop Kits: LAPBC710, LAPBC510, LAPRC710, LAPRC510
Intel | N/A | Intel Unite Client Extended Display Plugin software installer, all versions
Intel | N/A | Intel DPC++ C++ Compiler software versions earlier than 2024.1
Intel | N/A | Intel(R) Ethernet Complete Driver Pack versions earlier than 28.3
Intel | N/A | Intel Arc Iris Xe Graphics versions earlier than 31.0.101.4824
Intel | N/A | Intel TDX module software versions 1.5.05.46.698
Intel | N/A | Intel Integrated Performance Primitive versions earlier than 2021.11
Intel | N/A | LAPRC510, LAPRC710 versions earlier than 0066
Intel | N/A | Intel Data Center GPU Max Series 1100 and 1550
Intel | N/A | Intel oneAPI Base Toolkit software versions earlier than 2024.1
Intel | N/A | Intel Distribution for GDB software versions earlier than 2024.0.1
Intel | N/A | Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVWin software versions earlier than 5.13.00.2109
Intel | N/A | LAPBC510 and LAPBC710 versions earlier than 0083
Intel | N/A | BMRA software versions earlier than 22.08
Intel | N/A | Intel Graphics Performance Analyzers (Intel GPA) software versions earlier than 2023.4
Intel | N/A | Intel License Manager for FLEXlm product versions earlier than 11.19.5.0
Intel | N/A | VTune Profiler versions earlier than VTune 2024.1
Intel | N/A | 4th and 5th Generation Intel Xeon Scalable processors
Intel | N/A | Intel oneAPI HPC Toolkit versions earlier than 2024.1
Intel | N/A | Intel VROC versions earlier than 8.6.0.1191
Intel | N/A | Intel GPA software versions earlier than 2024.1
Intel | N/A | Intel TDX module software versions earlier than TDX 1.5.01.00.592
Intel | N/A | Intel oneAPI Math Kernel Library versions earlier than 2024.1
Intel | N/A | Intel ISH software for Intel NUC M15 Laptop Kits LAPRC710 and LAPRC510 versions earlier than 5.4.2.4594
References
CVE-2023-49141 (GCVE-0-2023-49141)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2025-03-14 10:03
CWE
- escalation of privilege
- CWE-1189 - Improper isolation
Summary
Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Processors stream cache mechanism | See references
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:intel:processors_stream_cache_mechanism:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "processors_stream_cache_mechanism", "vendor": "intel", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-49141", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T04:01:34.511Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-03-14T10:03:03.649Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20250314-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Processors stream cache mechanism", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7.3, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-1189", "description": "Improper isolation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:37.747Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-49141", "datePublished": "2024-08-14T13:45:37.747Z", "dateReserved": "2023-11-28T04:00:14.837Z", "dateUpdated": "2025-03-14T10:03:03.649Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45237 (GCVE-0-2023-45237)
Vulnerability from cvelistv5
Published
2024-01-16 16:11
Modified
2025-02-13 17:13
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Summary
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.957Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45237", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T19:58:00.747301Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T19:58:20.536Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "edk2", "vendor": "TianoCore", "versions": [ { "status": "affected", "version": "edk2-stable202308" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Quarkslab Vulnerability Reports Team" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Doug Flick" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "EDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality." } ], "value": "EDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. 
This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality." } ], "impacts": [ { "capecId": "CAPEC-13", "descriptions": [ { "lang": "en", "value": "CAPEC-13 Subverting Environment Variable Values" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T17:06:47.741Z", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore" }, "references": [ { "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Use of a Weak PseudoRandom Number Generator in EDK II Network Package", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": "CVE-2023-45237", "datePublished": "2024-01-16T16:11:11.556Z", "dateReserved": "2023-10-05T20:48:19.879Z", "dateUpdated": "2025-02-13T17:13:57.780Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23497 (GCVE-0-2024-23497)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-16 04:01
CWE
- escalation of privilege
- CWE-787 - Out-of-bounds write
Summary
Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Ethernet Network Controllers and Adapters | before version 28.3
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:ethernet_complete_driver_pack:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ethernet_complete_driver_pack", "vendor": "intel", "versions": [ { "lessThan": "28.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23497", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T04:01:27.066Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Ethernet Network Controllers and Adapters", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 28.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "LOW", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-787", "description": "Out-of-bounds write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:44.653Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-23497", "datePublished": "2024-08-14T13:45:44.653Z", "dateReserved": "2024-02-14T04:00:11.451Z", "dateUpdated": "2024-08-16T04:01:27.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-29871 (GCVE-0-2022-29871)
Vulnerability from cvelistv5
Published
2023-08-11 02:36
Modified
2025-02-13 16:32
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) CSME software installer | before version 2239.3.7.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:33:43.005Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html", "tags": [ "x_transferred" ], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230824-0002/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:intel_csme_software_installer:intel_csme_software_installer:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "intel_csme_software_installer", "vendor": "intel_csme_software_installer", "versions": [ { "lessThan": "2239.3.7.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-29871", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T14:06:56.386725Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-17T14:09:21.753Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) CSME software installer", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2239.3.7.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-24T18:06:12.629Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230824-0002/" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-29871", "datePublished": "2023-08-11T02:36:56.839Z", "dateReserved": "2022-06-19T03:00:05.127Z", "dateUpdated": "2025-02-13T16:32:40.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-43489 (GCVE-0-2023-43489)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 16:05
CWE
- denial of service
- CWE-284 - Improper access control
Summary
Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) CIP software | before version 2.4.10717
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-43489", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T16:04:49.056446Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T16:05:02.244Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) CIP software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.4.10717" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control for some Intel(R) CIP software before version 2.4.10717 may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper 
access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:24.379Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01112.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01112.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-43489", "datePublished": "2024-08-14T13:45:24.379Z", "dateReserved": "2023-09-22T03:00:11.542Z", "dateUpdated": "2024-08-14T16:05:02.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45232 (GCVE-0-2023-45232)
Vulnerability from cvelistv5
Published
2024-01-16 16:12
Modified
2025-06-02 15:08
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Summary
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.743Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45232", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T18:43:28.931722Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-02T15:08:40.284Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "edk2", "vendor": "TianoCore", "versions": [ { "status": "affected", "version": "edk2-stable202308" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Quarkslab Vulnerability Reports Team" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Doug Flick" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "EDK2\u0027s Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options 
header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability." } ], "value": "EDK2\u0027s Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T02:06:11.467Z", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Infinite loop in EDK II Network Package", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", 
"cveId": "CVE-2023-45232", "datePublished": "2024-01-16T16:12:32.584Z", "dateReserved": "2023-10-05T20:48:19.878Z", "dateUpdated": "2025-06-02T15:08:40.284Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45234 (GCVE-0-2023-45234)
Vulnerability from cvelistv5
Published
2024-01-16 16:14
Modified
2025-06-17 20:09
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.990Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45234", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-17T20:09:26.371967Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-17T20:09:38.945Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "edk2", "vendor": "TianoCore", "versions": [ { "status": "affected", "version": "edk2-stable202308" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Quarkslab Vulnerability Reports Team" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Doug Flick" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "EDK2\u0027s Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise 
message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability." } ], "value": "EDK2\u0027s Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability." } ], "impacts": [ { "capecId": "CAPEC-540", "descriptions": [ { "lang": "en", "value": "CAPEC-540 Overread Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T02:06:18.934Z", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Buffer 
Overflow in EDK II Network Package", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": "CVE-2023-45234", "datePublished": "2024-01-16T16:14:28.209Z", "dateReserved": "2023-10-05T20:48:19.879Z", "dateUpdated": "2025-06-17T20:09:38.945Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21787 (GCVE-0-2024-21787)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 14:56
CWE
- escalation of privilege
- CWE-326 - Inadequate encryption strength
Summary
Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | BMRA software | before version 22.08
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:bmra_software:bmra_software:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bmra_software", "vendor": "bmra_software", "versions": [ { "lessThan": "22.08", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-21787", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:54:15.876827Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T14:56:03.898Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BMRA software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 22.08" } ] } ], "descriptions": [ { "lang": "en", "value": "Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-326", "description": "Inadequate encryption strength", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:48.470Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00790.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00790.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-21787", "datePublished": "2024-08-14T13:45:48.470Z", "dateReserved": "2024-01-05T04:00:20.761Z", "dateUpdated": "2024-08-14T14:56:03.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23909 (GCVE-0-2024-23909)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 14:03
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) FPGA SDK for OpenCL(TM) software technology | See references
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:field_programmable_gate_array_software_development_kit_for_opencl:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "field_programmable_gate_array_software_development_kit_for_opencl", "vendor": "intel", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23909", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:01:05.796342Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T14:03:27.123Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) FPGA SDK for OpenCL(TM) software technology", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in some Intel(R) FPGA SDK for OpenCL(TM) software technology may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:27.023Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01104.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01104.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-23909", "datePublished": "2024-08-14T13:45:27.023Z", "dateReserved": "2024-02-28T04:00:21.187Z", "dateUpdated": "2024-08-14T14:03:27.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-26025 (GCVE-0-2024-26025)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-15 14:18
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Advisor software | before version 2024.1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:advisor:*:*:*:*:*:oneapi:*:*" ], "defaultStatus": "unknown", "product": "advisor", "vendor": "intel", "versions": [ { "lessThan": "2024.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26025", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T14:16:56.837742Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T14:18:44.113Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Advisor software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2024.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-276", "description": "Incorrect default permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:24.918Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01110.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01110.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-26025", "datePublished": "2024-08-14T13:45:24.918Z", "dateReserved": "2024-03-11T03:00:02.748Z", "dateUpdated": "2024-08-15T14:18:44.113Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-26027 (GCVE-0-2024-26027)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 14:07
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Simics Package Manager software | before version 1.8.3
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:simics_package_manager:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simics_package_manager", "vendor": "intel", "versions": [ { "lessThan": "1.8.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26027", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:06:01.012642Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T14:07:49.923Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Simics Package Manager software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.8.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:22.156Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01116.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01116.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-26027", "datePublished": "2024-08-14T13:45:22.156Z", "dateReserved": "2024-03-13T03:00:17.302Z", "dateUpdated": "2024-08-14T14:07:49.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-35123 (GCVE-0-2023-35123)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 14:36
CWE
- denial of service
- CWE-600 - Uncaught exception in OpenBMC Firmware
Summary
Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.14-0, bhs-0.27 may allow an authenticated user to potentially enable denial of service via network access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Server Platforms | before versions egs-1.14-0, bhs-0.27
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-35123", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:33:24.876238Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T14:36:56.107Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Platforms", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before versions egs-1.14-0, bhs-0.27" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.14-0, bhs-0.27 may allow an authenticated user to potentially enable denial of service via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 5.9, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": 
"en" }, { "cweId": "CWE-600", "description": "Uncaught exception in OpenBMC Firmware", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:32.163Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-35123", "datePublished": "2024-08-14T13:45:32.163Z", "dateReserved": "2023-08-02T03:00:04.654Z", "dateUpdated": "2024-08-14T14:36:56.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21769 (GCVE-0-2024-21769)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-16 04:01
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Ethernet Connection I219-LM install software | See references
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:ethernet_complete_driver_pack:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ethernet_complete_driver_pack", "vendor": "intel", "versions": [ { "lessThan": "28.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-21769", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T04:01:32.061Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Ethernet Connection I219-LM install software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in some Intel(R) Ethernet Connection I219-LM install software may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:45.223Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-21769", "datePublished": "2024-08-14T13:45:45.223Z", "dateReserved": "2024-02-28T04:00:21.196Z", "dateUpdated": "2024-08-16T04:01:32.061Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21857 (GCVE-0-2024-21857)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 18:05
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) oneAPI Compiler software | before version 2024.1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:oneapi_compiler_software:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "oneapi_compiler_software", "vendor": "intel", "versions": [ { "lessThan": "2024.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-21857", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T18:02:09.759709Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T18:05:35.128Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) oneAPI Compiler software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2024.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path for some Intel(R) oneAPI Compiler software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:37.158Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01057.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01057.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-21857", "datePublished": "2024-08-14T13:45:37.158Z", "dateReserved": "2024-01-02T16:55:54.861Z", "dateUpdated": "2024-08-14T18:05:35.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21766 (GCVE-0-2024-21766)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 18:11
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) oneAPI Math Kernel Library software | before version 2024.1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:oneapi_math_kernel_library:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "oneapi_math_kernel_library", "vendor": "intel", "versions": [ { "lessThan": "2024.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-21766", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T18:08:05.811395Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T18:11:23.071Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) oneAPI Math Kernel Library software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2024.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:36.085Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01072.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01072.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-21766", "datePublished": "2024-08-14T13:45:36.085Z", "dateReserved": "2024-01-24T04:00:22.623Z", "dateUpdated": "2024-08-14T18:11:23.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-39283 (GCVE-0-2024-39283)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 18:00
CWE
- escalation of privilege
- CWE-791 - Incomplete filtering of special elements
Summary
Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) TDX module software | before version TDX_1.5.01.00.592
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:tdx_module_software:1.5.05.46.698:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tdx_module_software", "vendor": "intel", "versions": [ { "lessThan": "1.5.01.00.592", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39283", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T17:56:25.440923Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T18:00:36.712Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) TDX module software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version TDX_1.5.01.00.592" } ] } ], "descriptions": [ { "lang": "en", "value": "Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-791", "description": "Incomplete filtering of special elements", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:39.501Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01010.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01010.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-39283", "datePublished": "2024-08-14T13:45:39.501Z", "dateReserved": "2024-06-25T03:00:08.218Z", "dateUpdated": "2024-08-14T18:00:36.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28876 (GCVE-0-2024-28876)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 15:53
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) MPI Library software | before version 2021.12
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:oneapi_hpc_toolkit:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "oneapi_hpc_toolkit", "vendor": "intel", "versions": [ { "lessThan": "2024.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "mpi_library", "vendor": "intel", "versions": [ { "lessThan": "2021.12", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28876", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T15:50:29.063605Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T15:53:18.480Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) MPI Library software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2021.12" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path for some Intel(R) MPI Library software before version 2021.12 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:22.685Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01115.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01115.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-28876", "datePublished": "2024-08-14T13:45:22.685Z", "dateReserved": "2024-03-15T03:00:05.715Z", "dateUpdated": "2024-08-14T15:53:18.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28887 (GCVE-0-2024-28887)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 16:17
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) IPP software | before version 2021.11
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:ipp_software:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipp_software", "vendor": "intel", "versions": [ { "lessThan": "2021.11", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28887", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T16:15:25.168889Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T16:17:22.424Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) IPP software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2021.11" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:17.115Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-28887", "datePublished": "2024-08-14T13:45:17.115Z", "dateReserved": "2024-03-15T03:00:05.703Z", "dateUpdated": "2024-08-14T16:17:22.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-29015 (GCVE-0-2024-29015)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 14:51
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) VTune(TM) Profiler software | before versions 2024.1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:vtune_profiler:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "vtune_profiler", "vendor": "intel", "versions": [ { "lessThan": "2024.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "oneapi_base_toolkit", "vendor": "intel", "versions": [ { "lessThan": "2024.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-29015", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:48:48.167928Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T14:51:25.870Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) VTune(TM) Profiler software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before versions 2024.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in some Intel(R) VTune(TM) Profiler software before versions 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:19.971Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01122.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01122.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-29015", "datePublished": "2024-08-14T13:45:19.971Z", "dateReserved": "2024-03-15T03:00:05.777Z", "dateUpdated": "2024-08-14T14:51:25.870Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28172 (GCVE-0-2024-28172)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-15 15:13
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Trace Analyzer and Collector software | before version 2022.1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:trace_analyzer_and_collector:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "trace_analyzer_and_collector", "vendor": "intel", "versions": [ { "lessThan": "2022.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28172", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T15:12:18.358599Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T15:13:58.795Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Trace Analyzer and Collector software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2022.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path for some Intel(R) Trace Analyzer and Collector software before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:21.618Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01117.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01117.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-28172", "datePublished": "2024-08-14T13:45:21.618Z", "dateReserved": "2024-03-13T03:00:17.311Z", "dateUpdated": "2024-08-15T15:13:58.795Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-24977 (GCVE-0-2024-24977)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 16:14
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) License Manager for FLEXlm product software | before version 11.19.5.0
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:license_manager_for_flexlm_product_software:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "license_manager_for_flexlm_product_software", "vendor": "intel", "versions": [ { "lessThan": "11.19.5.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-24977", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T16:11:22.591268Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T16:14:12.833Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) License Manager for FLEXlm product software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 11.19.5.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path for some Intel(R) License Manager for FLEXlm product software before version 11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:18.905Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01126.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01126.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-24977", "datePublished": "2024-08-14T13:45:18.905Z", "dateReserved": "2024-03-15T03:00:05.744Z", "dateUpdated": "2024-08-14T16:14:12.833Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45229 (GCVE-0-2023-45229)
Vulnerability from cvelistv5
Published: 2024-01-16 16:07
Modified: 2025-06-02 15:08
CWE
- CWE-125 - Out-of-bounds Read
Summary
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.771Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45229", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T15:54:42.873493Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-02T15:08:52.041Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "edk2", "vendor": "TianoCore", "versions": [ { "status": "affected", "version": "edk2-stable202308" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Quarkslab Vulnerability Reports Team" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Doug Flick" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality." 
} ], "value": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality." } ], "impacts": [ { "capecId": "CAPEC-540", "descriptions": [ { "lang": "en", "value": "CAPEC-540 Overread Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T17:06:42.254Z", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Out-of-Bounds Read in EDK II Network Package", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": "CVE-2023-45229", "datePublished": "2024-01-16T16:07:31.826Z", "dateReserved": "2023-10-05T20:48:19.877Z", "dateUpdated": "2025-06-02T15:08:52.041Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21810 (GCVE-0-2024-21810)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-16 04:01
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Ethernet Network Controllers and Adapters | before version 28.3
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:ethernet_complete_driver_pack:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ethernet_complete_driver_pack", "vendor": "intel", "versions": [ { "lessThan": "28.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-21810", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T04:01:25.878Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Ethernet Network Controllers and Adapters", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 28.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "LOW", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:43.577Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-21810", "datePublished": "2024-08-14T13:45:43.577Z", "dateReserved": "2024-02-14T04:00:11.441Z", "dateUpdated": "2024-08-16T04:01:25.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-27461 (GCVE-0-2024-27461)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 15:25
CWE
- denial of service
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) MAS (GUI) | See references
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-27461", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:42:52.487207Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T15:25:29.972Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) MAS (GUI)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 4.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:H/SC:N/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-276", "description": "Incorrect default 
permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:15.965Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01164.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01164.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-27461", "datePublished": "2024-08-14T13:45:15.965Z", "dateReserved": "2024-04-20T03:00:13.967Z", "dateUpdated": "2024-08-14T15:25:29.972Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23495 (GCVE-0-2024-23495)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 19:00
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Distribution for GDB software | before version 2024.0.1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:distribution_for_gdb_software:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "distribution_for_gdb_software", "vendor": "intel", "versions": [ { "lessThan": "2024.0.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23495", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T18:55:16.071724Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T19:00:58.340Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Distribution for GDB software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2024.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect default permissions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-276", "description": "Incorrect default permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:34.981Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-23495", "datePublished": "2024-08-14T13:45:34.981Z", "dateReserved": "2024-01-24T04:00:22.642Z", "dateUpdated": "2024-08-14T19:00:58.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23907 (GCVE-0-2024-23907)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 16:08
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) High Level Synthesis Compiler software | before version 23.4
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:high_level_synthesis_compiler_software:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "high_level_synthesis_compiler_software", "vendor": "intel", "versions": [ { "lessThan": "23.4", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23907", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T16:05:56.889968Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T16:08:18.947Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) High Level Synthesis Compiler software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 23.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:23.799Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01113.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01113.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-23907", "datePublished": "2024-08-14T13:45:23.799Z", "dateReserved": "2024-03-13T03:00:17.321Z", "dateUpdated": "2024-08-14T16:08:18.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45233 (GCVE-0-2023-45233)
Vulnerability from cvelistv5
Published
2024-01-16 16:13
Modified
2025-05-22 14:57
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Summary
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:20.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45233", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-01-20T05:00:22.954532Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-22T14:57:38.872Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "edk2", "vendor": "TianoCore", "versions": [ { "status": "affected", "version": "edk2-stable202308" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Quarkslab Vulnerability Reports Team" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Doug Flick" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "EDK2\u0027s Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of 
IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability." } ], "value": "EDK2\u0027s Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T02:06:17.031Z", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Infinite loop in EDK II Network Package", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": 
"CVE-2023-45233", "datePublished": "2024-01-16T16:13:50.113Z", "dateReserved": "2023-10-05T20:48:19.878Z", "dateUpdated": "2025-05-22T14:57:38.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-25939 (GCVE-0-2024-25939)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-19 16:17
CWE
- denial of service
- CWE-1251 - Mirrored regions with different values
Summary
Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | 3rd Generation Intel(R) Xeon(R) Scalable Processors | 3rd Generation Intel(R) Xeon(R) Scalable Processors
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-25939", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-19T16:17:26.440030Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-19T16:17:37.018Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "3rd Generation Intel(R) Xeon(R) Scalable Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "3rd Generation Intel(R) Xeon(R) Scalable Processors" } ] } ], "descriptions": [ { "lang": "en", "value": "Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.7, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", 
"lang": "en" }, { "cweId": "CWE-1251", "description": "Mirrored regions with different values", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:21.095Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-25939", "datePublished": "2024-08-14T13:45:21.095Z", "dateReserved": "2024-03-13T03:00:17.289Z", "dateUpdated": "2024-08-19T16:17:37.018Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-24983 (GCVE-0-2024-24983)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 15:16
CWE
- denial of service
- CWE-693 - Protection mechanism failure
Summary
Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Ethernet Network Controllers and Adapters E810 Series | before version 4.4
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:ethernet_complete_driver_pack:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ethernet_complete_driver_pack", "vendor": "intel", "versions": [ { "lessThan": "28.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-24983", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:41:51.930471Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-693", "description": "CWE-693 Protection Mechanism Failure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T15:16:38.303Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Ethernet Network Controllers and Adapters E810 Series", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 4.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-693", "description": "Protection mechanism failure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:44.098Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-24983", "datePublished": "2024-08-14T13:45:44.098Z", "dateReserved": "2024-02-28T04:00:21.168Z", "dateUpdated": "2024-08-14T15:16:38.303Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-24986 (GCVE-0-2024-24986)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-16 04:01
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Ethernet Network Controllers and Adapters | before version 28.3
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:ethernet_complete_driver_pack:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ethernet_complete_driver_pack", "vendor": "intel", "versions": [ { "lessThan": "28.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-24986", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T04:01:29.421Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Ethernet Network Controllers and Adapters", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 28.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "LOW", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-284", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:46.283Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-24986", "datePublished": "2024-08-14T13:45:46.283Z", "dateReserved": "2024-02-14T04:00:11.417Z", "dateUpdated": "2024-08-16T04:01:29.421Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28947 (GCVE-0-2024-28947)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-22 03:55
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Server Board S2600ST Family firmware | before version 02.01.0017
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:intel:server_board_s2600st_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "server_board_s2600st_firmware", "vendor": "intel", "versions": [ { "lessThan": "02.01.0017", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28947", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-22T03:55:15.276Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Board S2600ST Family firmware", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 02.01.0017" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:20.560Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01121.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01121.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-28947", "datePublished": "2024-08-14T13:45:20.560Z", "dateReserved": "2024-03-15T03:00:05.755Z", "dateUpdated": "2024-08-22T03:55:15.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-35061 (GCVE-0-2023-35061)
Vulnerability from cvelistv5
Published
2024-02-14 13:37
Modified
2024-08-14 13:45
CWE
- information disclosure
- CWE-665 - Improper initialization
Summary
Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software | before version 22.240
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:17:04.537Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html", "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35061", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-07T18:19:36.939396Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-07T18:32:20.560Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 22.240" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 2.3, "baseSeverity": "LOW", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, { "cweId": "CWE-665", "description": "Improper initialization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:40.791Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-35061", "datePublished": "2024-02-14T13:37:57.673Z", "dateReserved": "2023-06-17T03:00:02.718Z", "dateUpdated": "2024-08-14T13:45:40.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-24853 (GCVE-0-2024-24853)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-16 04:01
CWE
- escalation of privilege
- CWE-696 - Incorrect behavior order
Summary
Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Processor | See references
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:processor:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "processor", "vendor": "intel", "versions": [ { "status": "affected", "version": "0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-24853", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T04:01:35.677Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Processor", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7.3, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-696", "description": "Incorrect behavior order", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:31.607Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-24853", "datePublished": "2024-08-14T13:45:31.607Z", "dateReserved": "2024-02-08T04:00:11.905Z", "dateUpdated": "2024-08-16T04:01:35.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-34163 (GCVE-0-2024-34163)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-16 14:08
CWE
- escalation of privilege
- CWE-20 - Improper input validation
Summary
Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) NUC | See references
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:intel:lapac71g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lapac71g_firmware", "vendor": "intel", "versions": [ { "lessThan": "0065", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:intel:lapac71h_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lapac71h_firmware", "vendor": "intel", "versions": [ { "lessThan": "0065", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:intel:lapbc510_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lapbc510_firmware", "vendor": "intel", "versions": [ { "lessThan": "0083", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:intel:lapbc710_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lapbc710_firmware", "vendor": "intel", "versions": [ { "lessThan": "0083", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:intel:laprc510_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "laprc510_firmware", "vendor": "intel", "versions": [ { "lessThan": "0066", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:intel:laprc710_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "laprc710_firmware", "vendor": "intel", "versions": [ { "lessThan": "0066", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:intel:lapkc51e_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lapkc51e_firmware", "vendor": "intel", "versions": [ { "lessThan": "0048", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:intel:lapkc71e_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lapkc71e_firmware", "vendor": "intel", "versions": [ { "lessThan": "0048", "status": 
"affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:intel:lapkc71f_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lapkc71f_firmware", "vendor": "intel", "versions": [ { "lessThan": "0048", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-34163", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T04:01:34.221329Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T14:08:31.790Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) NUC", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:38.963Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01022.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01022.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-34163", "datePublished": "2024-08-14T13:45:38.963Z", "dateReserved": "2024-05-23T17:14:54.807Z", "dateUpdated": "2024-08-16T14:08:31.790Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21784 (GCVE-0-2024-21784)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-19 16:52
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) IPP Cryptography software | before version 2021.11
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:ipp_cryptography:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipp_cryptography", "vendor": "intel", "versions": [ { "lessThan": "2021.11", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-21784", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-19T16:51:16.626671Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-19T16:52:04.555Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) IPP Cryptography software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2021.11" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:23.215Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01114.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01114.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-21784", "datePublished": "2024-08-14T13:45:23.215Z", "dateReserved": "2024-03-15T03:00:05.732Z", "dateUpdated": "2024-08-19T16:52:04.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-42667 (GCVE-0-2023-42667)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-22 03:55
CWE
- escalation of privilege
- CWE-1189 - Improper isolation
Summary
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Core(TM) Ultra Processor stream cache mechanism | See references
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:intel:core_ultra_processor:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "core_ultra_processor", "vendor": "intel", "versions": [ { "lessThan": "microcode-20240813", "status": "affected", "version": "0", "versionType": "git" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-42667", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-21T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-22T03:55:12.553Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Core(TM) Ultra Processor stream cache mechanism", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7.3, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-1189", "description": "Improper isolation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:38.379Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-42667", "datePublished": "2024-08-14T13:45:38.379Z", "dateReserved": "2023-10-25T03:00:09.605Z", "dateUpdated": "2024-08-22T03:55:12.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45235 (GCVE-0-2023-45235)
Vulnerability from cvelistv5
Published
2024-01-16 16:11
Modified
2025-06-17 21:19
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.859Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45235", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-01-20T05:00:24.446605Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-17T21:19:14.861Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "edk2", "vendor": "TianoCore", "versions": [ { "status": "affected", "version": "edk2-stable202308" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Quarkslab Vulnerability Reports Team" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Doug Flick" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "EDK2\u0027s Network Package is susceptible to a buffer overflow vulnerability when\n\n\n\n\n\nhandling Server ID option \n\n\n\n from a DHCPv6 proxy Advertise 
message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability." } ], "value": "EDK2\u0027s Network Package is susceptible to a buffer overflow vulnerability when\n\n\n\n\n\nhandling Server ID option \n\n\n\n from a DHCPv6 proxy Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability." } ], "impacts": [ { "capecId": "CAPEC-540", "descriptions": [ { "lang": "en", "value": "CAPEC-540 Overread Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T02:06:06.242Z", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore" }, "references": [ { "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Buffer Overflow in 
EDK II Network Package", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": "CVE-2023-45235", "datePublished": "2024-01-16T16:11:41.215Z", "dateReserved": "2023-10-05T20:48:19.879Z", "dateUpdated": "2025-06-17T21:19:14.861Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28953 (GCVE-0-2024-28953)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 15:28
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | EMON software | before version 11.44
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:emon_software:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "emon_software", "vendor": "intel", "versions": [ { "lessThan": "11.44", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28953", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:42:40.229039Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T15:28:56.819Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EMON software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 11.44" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in some EMON software before version 11.44 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:19.461Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01125.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01125.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-28953", "datePublished": "2024-08-14T13:45:19.461Z", "dateReserved": "2024-03-15T03:00:05.721Z", "dateUpdated": "2024-08-14T15:28:56.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-24973 (GCVE-0-2024-24973)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 15:28
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Distribution for GDB software | before version 2024.0.1
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-24973", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T15:28:29.393900Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T15:28:40.267Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Distribution for GDB software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2024.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation for some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 1, "baseSeverity": "LOW", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": 
"CWE-20", "description": "Improper input validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:34.401Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-24973", "datePublished": "2024-08-14T13:45:34.401Z", "dateReserved": "2024-03-11T03:00:02.407Z", "dateUpdated": "2024-08-14T15:28:40.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21807 (GCVE-0-2024-21807)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-16 04:01
CWE
- escalation of privilege
- CWE-665 - Improper initialization
Summary
Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Ethernet Network Controllers and Adapters | before version 28.3
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:ethernet_complete_driver_pack:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ethernet_complete_driver_pack", "vendor": "intel", "versions": [ { "lessThan": "28.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-21807", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-665", "description": "CWE-665 Improper Initialization", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-16T04:01:30.886Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Ethernet Network Controllers and Adapters", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 28.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "LOW", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-665", "description": "Improper initialization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:47.339Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-21807", "datePublished": "2024-08-14T13:45:47.339Z", "dateReserved": "2024-02-14T04:00:11.464Z", "dateUpdated": "2024-08-16T04:01:30.886Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21801 (GCVE-0-2024-21801)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-16 13:53
CWE
- denial of service
- CWE-691 - Insufficient control flow management
Summary
Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) TDX module software | before version 1.5.05.46.698
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21801", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T13:52:59.024178Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T13:53:28.095Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) TDX module software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.5.05.46.698" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 8.3, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": 
"CWE-691", "description": "Insufficient control flow management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:36.610Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01070.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01070.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-21801", "datePublished": "2024-08-14T13:45:36.610Z", "dateReserved": "2024-01-17T04:00:22.741Z", "dateUpdated": "2024-08-16T13:53:28.095Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45231 (GCVE-0-2023-45231)
Vulnerability from cvelistv5
Published
2024-01-16 16:09
Modified
2025-02-13 17:13
CWE
- CWE-125 - Out-of-bounds Read
Summary
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45231", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-30T18:59:05.991713Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-30T18:59:23.502Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "edk2", "vendor": "TianoCore", "versions": [ { "status": "affected", "version": "edk2-stable202308" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Quarkslab Vulnerability Reports Team" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Doug Flick" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read\n vulnerability when processing\u0026nbsp; Neighbor Discovery Redirect 
message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality." } ], "value": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read\n vulnerability when processing\u00a0 Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality." } ], "impacts": [ { "capecId": "CAPEC-540", "descriptions": [ { "lang": "en", "value": "CAPEC-540 Overread Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T02:06:13.345Z", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Out-of-Bounds Read in EDK II Network Package", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { 
"assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": "CVE-2023-45231", "datePublished": "2024-01-16T16:09:47.914Z", "dateReserved": "2023-10-05T20:48:19.877Z", "dateUpdated": "2025-02-13T17:13:54.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23489 (GCVE-0-2024-23489)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 14:54
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) VROC software | Version: before version 8.6.0.1191 | ||
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:vroc_software:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "vroc_software", "vendor": "intel", "versions": [ { "lessThan": "8.6.0.1191", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23489", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:53:37.217540Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T14:54:29.837Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) VROC software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 8.6.0.1191" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:17.748Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01128.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01128.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-23489", "datePublished": "2024-08-14T13:45:17.748Z", "dateReserved": "2024-03-15T03:00:05.692Z", "dateUpdated": "2024-08-14T14:54:29.837Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23491 (GCVE-0-2024-23491)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-16 18:31
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Distribution for GDB software | Version: before version 2024.0.1 | ||
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:distribution_for_gdb_software:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "distribution_for_gdb_software", "vendor": "intel", "versions": [ { "lessThan": "2024.0.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "oneapi_base_toolkit", "vendor": "intel", "versions": [ { "lessThan": "2024.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23491", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T18:29:46.951778Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T18:31:31.535Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Distribution for GDB software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2024.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:33.806Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-23491", "datePublished": "2024-08-14T13:45:33.806Z", "dateReserved": "2024-01-24T04:00:22.612Z", "dateUpdated": "2024-08-16T18:31:31.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-43747 (GCVE-0-2023-43747)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 14:00
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Connectivity Performance Suite software installers | Version: before version 2.0 | ||
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:connectivity_performance_suite:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "connectivity_performance_suite", "vendor": "intel", "versions": [ { "lessThan": "2.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-43747", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T13:59:34.060184Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T14:00:46.359Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Connectivity Performance Suite software installers", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect default permissions for some Intel(R) Connectivity Performance Suite software installers before version 2.0 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-276", "description": "Incorrect default permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:27.586Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01102.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01102.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-43747", "datePublished": "2024-08-14T13:45:27.586Z", "dateReserved": "2023-10-05T03:00:02.477Z", "dateUpdated": "2024-08-14T14:00:46.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23981 (GCVE-0-2024-23981)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-16 04:01
CWE
- escalation of privilege
- CWE-128 - Wrap-around error
Summary
Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Ethernet Network Controllers and Adapters | Version: before version 28.3 | ||
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:ethernet_complete_driver_pack:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ethernet_complete_driver_pack", "vendor": "intel", "versions": [ { "lessThan": "28.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23981", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T04:01:28.264Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Ethernet Network Controllers and Adapters", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 28.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "LOW", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-128", "description": "Wrap-around error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:45.752Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-23981", "datePublished": "2024-08-14T13:45:45.752Z", "dateReserved": "2024-02-14T04:00:11.428Z", "dateUpdated": "2024-08-16T04:01:28.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-24580 (GCVE-0-2024-24580)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-16 15:49
CWE
- denial of service
- CWE-92 - Improper conditions check
Summary
Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Data Center GPU Max Series 1100 and 1550 products | Version: See references | ||
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-24580", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T15:49:15.447996Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T15:49:23.793Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Data Center GPU Max Series 1100 and 1550 products", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper conditions check in some Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow a privileged user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": 
"CWE-92", "description": "Improper conditions check", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:29.360Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01094.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01094.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-24580", "datePublished": "2024-08-14T13:45:29.360Z", "dateReserved": "2024-02-28T04:00:21.179Z", "dateUpdated": "2024-08-16T15:49:23.793Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-22378 (GCVE-0-2024-22378)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 15:35
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel Unite(R) Client Extended Display Plugin software installers | Version: before version 1.1.352.157 | ||
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:unite:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unite", "vendor": "intel", "versions": [ { "lessThan": "1.1.352.157", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-22378", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:42:27.377322Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T15:35:27.178Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel Unite(R) Client Extended Display Plugin software installers", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 1.1.352.157" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-276", "description": "Incorrect default permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:28.772Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01095.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01095.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-22378", "datePublished": "2024-08-14T13:45:28.772Z", "dateReserved": "2024-01-17T04:00:22.761Z", "dateUpdated": "2024-08-14T15:35:27.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-24980 (GCVE-0-2024-24980)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 13:59
CWE
- escalation of privilege
- CWE-693 - Protection mechanism failure
Summary
Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors | Version: See references | ||
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-24980", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T13:59:03.650675Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:59:14.325Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, 
{ "cweId": "CWE-693", "description": "Protection mechanism failure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:28.166Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-24980", "datePublished": "2024-08-14T13:45:28.166Z", "dateReserved": "2024-02-28T04:00:21.183Z", "dateUpdated": "2024-08-14T13:59:14.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-21806 (GCVE-0-2024-21806)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 13:58
CWE
- denial of service
- CWE-754 - Improper conditions check in Linux kernel mode driver
Summary
Improper conditions check in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Ethernet Network Controllers and Adapters E810 Series | Version: before version 28.3 | ||
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21806", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T13:58:15.518636Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:58:23.147Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Ethernet Network Controllers and Adapters E810 Series", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 28.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper conditions check in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": 
[ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-754", "description": "Improper conditions check in Linux kernel mode driver", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:47.893Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-21806", "datePublished": "2024-08-14T13:45:47.893Z", "dateReserved": "2024-01-05T04:00:20.755Z", "dateUpdated": "2024-08-14T13:58:23.147Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-28046 (GCVE-0-2024-28046)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 14:39
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) GPA software | Version: before version 2024.1 | ||
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:graphics_performance_analyzer:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "graphics_performance_analyzer", "vendor": "intel", "versions": [ { "lessThan": "2024.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28046", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:38:03.379014Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T14:39:36.473Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) GPA software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2024.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in some Intel(R) GPA software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:26.495Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01105.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01105.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-28046", "datePublished": "2024-08-14T13:45:26.495Z", "dateReserved": "2024-03-01T04:00:12.564Z", "dateUpdated": "2024-08-14T14:39:36.473Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-34424 (GCVE-0-2023-34424)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 16:19
CWE
- denial of service
- CWE-20 - Improper input validation
Summary
Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) CSME | See references
CVE-2023-48361 (GCVE-0-2023-48361)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 16:19
CWE
- information disclosure
- CWE-665 - Improper initialization
Summary
Improper initialization in firmware for some Intel(R) CSME may allow a privileged user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) CSME | See references
CVE-2023-45230 (GCVE-0-2023-45230)
Vulnerability from cvelistv5
Published: 2024-01-16 16:08
Modified: 2025-05-07 20:15
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
References
CVE-2024-21844 (GCVE-0-2024-21844)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-16 18:57
CWE
- denial of service
- CWE-190 - Integer overflow
Summary
Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) CSME | See references
CVE-2024-25561 (GCVE-0-2024-25561)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-16 16:10
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) HID Event Filter software installers | before version 2.2.2.1
CVE-2024-26022 (GCVE-0-2024-26022)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 16:28
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC | See references
CVE-2024-22184 (GCVE-0-2024-22184)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-14 17:05
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Summary
Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Quartus(R) Prime Pro Edition Design Software | before version 24.1
CVE-2024-28050 (GCVE-0-2024-28050)
Vulnerability from cvelistv5
Published: 2024-08-14 13:45
Modified: 2024-08-16 15:48
CWE
- denial of service
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.4824 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Arc(TM) & Iris(R) Xe Graphics software | before version 31.0.101.4824
CVE-2023-40067 (GCVE-0-2023-40067)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-09-06 17:58
CWE
- escalation of privilege
- CWE-252 - Unchecked return value
Summary
Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) CSME | See references
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:intel:converged_security_management_engine_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "converged_security_management_engine_firmware", "vendor": "intel", "versions": [ { "lessThan": "15.0.49", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "15.40.34", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "16.1.32", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-40067", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T17:46:36.335445Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T17:58:38.210Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) CSME", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Unchecked return value in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable escalation of privilege via physical access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "baseScore": 5.7, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-252", "description": "Unchecked return value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:40.037Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-40067", "datePublished": "2024-08-14T13:45:40.037Z", "dateReserved": "2023-10-05T03:00:02.400Z", "dateUpdated": "2024-09-06T17:58:38.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-39539 (GCVE-0-2023-39539)
Vulnerability from cvelistv5
Published
2023-12-06 15:15
Modified
2024-12-02 14:54
Summary
AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:10:21.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/811862" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240105-0003/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-39539", "options": [ { "Exploitation": "none" }, { "Automatable": "No" }, { "Technical Impact": "Total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-02T14:54:33.817426Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-02T14:54:55.695Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AptioV", "vendor": "AMI", "versions": [ { "lessThan": "BKS_5.34", "status": "affected", "version": "BKS_5.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Binarly efiXplorer Team" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. 
A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\n\n\n\n\n" } ], "value": "\nAMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.\u00a0\n\n\n\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-21T01:33:19.683Z", "orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "shortName": "AMI" }, "references": [ { "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf" }, { "url": "https://www.kb.cert.org/vuls/id/811862" }, { "url": "https://security.netapp.com/advisory/ntap-20240105-0003/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Failure when uploading a Logo image file", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "assignerShortName": "AMI", "cveId": "CVE-2023-39539", "datePublished": "2023-12-06T15:15:06.493Z", "dateReserved": "2023-08-03T17:11:02.847Z", "dateUpdated": 
"2024-12-02T14:54:55.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23499 (GCVE-0-2024-23499)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-29 17:42
CWE
- denial of service
- CWE-693 - Protection mechanism failure
Summary
Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Ethernet Network Controllers and Adapters E810 Series | before version 28.3
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:intel:ethernet_network_controller_e810:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "ethernet_network_controller_e810", "vendor": "intel", "versions": [ { "lessThan": "28.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23499", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-19T18:37:55.046954Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T17:42:51.221Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Ethernet Network Controllers and Adapters E810 Series", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 28.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Protection mechanism failure in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-693", "description": "Protection mechanism failure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:46.816Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-23499", "datePublished": "2024-08-14T13:45:46.816Z", "dateReserved": "2024-02-28T04:00:21.205Z", "dateUpdated": "2024-08-29T17:42:51.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-25562 (GCVE-0-2024-25562)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 19:06
CWE
- denial of service
- CWE-92 - Improper buffer restrictions
Summary
Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Distribution for GDB software | before version 2024.0.1
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-25562", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T19:05:48.939289Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T19:06:10.315Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Distribution for GDB software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 2024.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper buffer restrictions in some Intel(R) Distribution for GDB software before version 2024.0.1 may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": 
"CWE-92", "description": "Improper buffer restrictions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:33.238Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-25562", "datePublished": "2024-08-14T13:45:33.238Z", "dateReserved": "2024-02-08T04:00:11.981Z", "dateUpdated": "2024-08-14T19:06:10.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-45236 (GCVE-0-2023-45236)
Vulnerability from cvelistv5
Published
2024-01-16 16:10
Modified
2025-06-02 15:08
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-45236", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T15:43:01.945966Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-02T15:08:46.317Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "edk2", "vendor": "TianoCore", "versions": [ { "status": "affected", "version": "edk2-stable202308" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Quarkslab Vulnerability Reports Team" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Doug Flick" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "EDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality." } ], "value": "EDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. 
This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality." } ], "impacts": [ { "capecId": "CAPEC-13", "descriptions": [ { "lang": "en", "value": "CAPEC-13 Subverting Environment Variable Values" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T17:06:52.762Z", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore" }, "references": [ { "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Predictable TCP ISNs in EDK II Network Package", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": "CVE-2023-45236", "datePublished": "2024-01-16T16:10:38.262Z", "dateReserved": "2023-10-05T20:48:19.879Z", "dateUpdated": "2025-06-02T15:08:46.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23974 (GCVE-0-2024-23974)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 15:50
CWE
- escalation of privilege
- CWE-276 - Incorrect default permissions
Summary
Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) ISH software installers | See references
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:nuc_m15_laptop_kit_integrated_sensor_hub_driver_pack:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nuc_m15_laptop_kit_integrated_sensor_hub_driver_pack", "vendor": "intel", "versions": [ { "lessThan": "5.4.1.4479", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23974", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:42:11.203670Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T15:50:44.777Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) ISH software installers", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-276", "description": "Incorrect default permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:30.464Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01088.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01088.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-23974", "datePublished": "2024-08-14T13:45:30.464Z", "dateReserved": "2024-02-14T04:00:11.423Z", "dateUpdated": "2024-08-14T15:50:44.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-25576 (GCVE-0-2024-25576)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 15:47
CWE
- escalation of privilege
- CWE-284 - improper access control
Summary
improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) FPGA products | before version 24.1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:intel:agilex_7_fpga_f-series_006_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:agilex_7_fpga_f-series_008_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:agilex_7_fpga_f-series_012_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:agilex_7_fpga_f-series_014_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:agilex_7_fpga_f-series_019_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "agilex_7_fpga_f-series_019_firmware", "vendor": "intel", "versions": [ { "lessThan": "24.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-25576", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T15:29:50.373490Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T15:47:09.041Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) FPGA products", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 24.1" } ] } ], "descriptions": [ { "lang": "en", "value": "improper access control in firmware for some Intel(R) FPGA products before version 24.1 may allow a privileged user to enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-284", "description": "improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:31.056Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01087.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01087.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-25576", "datePublished": "2024-08-14T13:45:31.056Z", "dateReserved": "2024-02-14T04:00:11.433Z", "dateUpdated": "2024-08-14T15:47:09.041Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-22374 (GCVE-0-2024-22374)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 16:03
CWE
- denial of service
- CWE-691 - Insufficient control flow management
Summary
Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Xeon Processors | See references
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-22374", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T16:03:42.710420Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T16:03:54.614Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Xeon Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": "CWE-691", "description": "Insufficient control flow 
management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:35.501Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01073.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01073.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-22374", "datePublished": "2024-08-14T13:45:35.501Z", "dateReserved": "2024-01-24T04:00:22.647Z", "dateUpdated": "2024-08-14T16:03:54.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38655 (GCVE-0-2023-38655)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-16 19:03
CWE
- denial of service
- CWE-92 - Improper buffer restrictions
Summary
Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) AMT and Intel(R) Standard Manageability | See references
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-38655", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T19:03:01.987926Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T19:03:30.192Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) AMT and Intel(R) Standard Manageability", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper buffer restrictions in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable denial of service via network access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "denial of service", "lang": "en" }, { "cweId": 
"CWE-92", "description": "Improper buffer restrictions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:43.058Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-38655", "datePublished": "2024-08-14T13:45:43.058Z", "dateReserved": "2023-08-04T03:00:04.748Z", "dateUpdated": "2024-08-16T19:03:30.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-22376 (GCVE-0-2024-22376)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-14 14:05
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path element
Summary
Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | installation software for Intel(R) Ethernet Adapter Driver Pack | before version 28.3
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:intel:ethernet_adapter_complete_driver_pack:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ethernet_adapter_complete_driver_pack", "vendor": "intel", "versions": [ { "lessThan": "28.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-22376", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T14:03:46.747515Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T14:05:24.643Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "installation software for Intel(R) Ethernet Adapter Driver Pack", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version 28.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-427", "description": "Uncontrolled search path element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:25.960Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01106.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01106.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-22376", "datePublished": "2024-08-14T13:45:25.960Z", "dateReserved": "2024-03-01T04:00:12.554Z", "dateUpdated": "2024-08-14T14:05:24.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-23908 (GCVE-0-2024-23908)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-16 13:59
CWE
- escalation of privilege
- CWE-277 - Insecure inherited permissions
Summary
Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Flexlm License Daemons for Intel(R) FPGA software | before version v11.19.5.0
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:intel:fpga_add-on:11.19.5.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fpga_add-on", "vendor": "intel", "versions": [ { "status": "affected", "version": "11.19.5.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23908", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T13:55:23.917934Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T13:59:02.864Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Flexlm License Daemons for Intel(R) FPGA software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version v11.19.5.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Insecure inherited permissions in some Flexlm License Daemons for Intel(R) FPGA software before version v11.19.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-277", "description": "Insecure inherited permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:25.425Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01107.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01107.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2024-23908", "datePublished": "2024-08-14T13:45:25.425Z", "dateReserved": "2024-03-01T04:00:12.590Z", "dateUpdated": "2024-08-16T13:59:02.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-49144 (GCVE-0-2023-49144)
Vulnerability from cvelistv5
Published
2024-08-14 13:45
Modified
2024-08-16 17:06
CWE
- information disclosure
- CWE-125 - Out-of-bounds read
Summary
Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | Intel(R) Server Platforms | before versions egs-1.15-0, bhs-0.27
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-49144", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T17:05:55.494459Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T17:06:08.236Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) Server Platforms", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before versions egs-1.15-0, bhs-0.27" } ] } ], "descriptions": [ { "lang": "en", "value": "Out of bounds read in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.15-0, bhs-0.27 may allow a privileged user to potentially enable information disclosure via local access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.1, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en" }, 
{ "cweId": "CWE-125", "description": "Out-of-bounds read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-14T13:45:32.690Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-49144", "datePublished": "2024-08-14T13:45:32.690Z", "dateReserved": "2023-11-30T04:00:18.154Z", "dateUpdated": "2024-08-16T17:06:08.236Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-36763 (GCVE-0-2022-36763)
Vulnerability from cvelistv5
Published
2024-01-09 16:09
Modified
2025-06-03 14:31
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:14:28.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-36763", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T19:10:15.558775Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-03T14:31:14.290Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "edk2", "vendor": "TianoCore", "versions": [ { "lessThanOrEqual": "202311", "status": "affected", "version": "*", "versionType": "Stable" } ] } ], "credits": [ { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Doug Flick" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "EDK2 is susceptible to a vulnerability in the \u003ccode\u003eTcg2MeasureGptTable()\u003c/code\u003e function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability." } ], "value": "EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. 
Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T02:06:09.743Z", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore" }, "references": [ { "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Heap Buffer Overflow in Tcg2MeasureGptTable", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": "CVE-2022-36763", "datePublished": "2024-01-09T16:09:11.058Z", "dateReserved": "2022-07-25T19:41:56.247Z", "dateUpdated": "2025-06-03T14:31:14.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.