Vulnerabilites related to intel - nmb1xxd128gpsuf
CVE-2023-27517 (GCVE-0-2023-27517)
Vulnerability from cvelistv5
Published
2024-02-14 13:38
Modified
2024-08-16 15:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-284 - Improper access control
Summary
Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Optane(TM) PMem software |
Version: before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:optane_persistent_memory_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "optane_persistent_memory_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "01.00.00.3547",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "02.00.00.3915",
"status": "affected",
"version": "02.00.00.0000",
"versionType": "custom"
},
{
"lessThan": "03.00.00.0483",
"status": "affected",
"version": "03.00.00.0000",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T19:23:57.345801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T15:51:16.583Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Optane(TM) PMem software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T13:38:00.967Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-27517",
"datePublished": "2024-02-14T13:38:00.967Z",
"dateReserved": "2023-03-29T03:00:02.583Z",
"dateUpdated": "2024-08-16T15:51:16.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-02-14 14:15
Modified
2025-02-20 15:10
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:optane_persistent_memory_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC0ABBD3-228C-4F02-8BC9-2545FC57E49A",
"versionEndExcluding": "01.00.00.3547",
"versionStartIncluding": "01.00.00.3072",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nma1xxd128gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA3959A-A077-420F-9CF0-FCF926F78A1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd128gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C49C3C48-9452-417D-91A3-6282A5DF564E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd256gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF7A9E1-9610-42F8-BE3C-50B6C70EC2CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd256gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E29B5FFA-FD00-490D-9E33-2ADC23369773",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd512gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77357E64-833C-46E7-B84F-29F7ED3D0F31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd512gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E373F80-B81E-4B7F-9407-DD918E39DA90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:optane_persistent_memory_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA941AF-27A6-47B7-B2BC-1D9A88444664",
"versionEndExcluding": "02.00.00.3915",
"versionStartIncluding": "02.00.00.3423",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nmb1xxd128gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBED201B-A64E-441E-A952-B3C8C56F87C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmb1xxd128gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29CD8FF9-DA6B-4293-8F4B-8B4A02C4C1E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmb1xxd256gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905C0399-6E5D-4D42-AA3D-D0ECC9117D9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmb1xxd256gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7380A6-CB51-4205-AAD7-AB75AB2638B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmb1xxd512gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A86746AA-047D-4F7F-BD7F-0D18BF47F5EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmb1xxd512gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3BC795-DAA0-48C5-BEBC-4A96B4FD3D0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:optane_persistent_memory_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AB913F-BA30-4911-BC6F-083DFF14F9E6",
"versionEndExcluding": "03.00.00.0483",
"versionStartIncluding": "03.00.00.0302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nmc2xxd128gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D76D5AB-0CF5-40E5-8DA5-31E27F58F236",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmc2xxd256gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "541DF110-3539-4F20-BAE9-039A969B1763",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmc2xxd512gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1535ED-13DC-4C08-BA2D-E8BE50C4A6CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en algunos software Intel(R) Optane(TM) PMem anteriores a las versiones 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 puede permitir que un usuario autentificado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2023-27517",
"lastModified": "2025-02-20T15:10:10.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.2,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T14:15:47.313",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@intel.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}