Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-1176
Vulnerability from csaf_certbund
Published
2023-05-09 22:00
Modified
2023-05-09 22:00
Summary
Intel Firmware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Firmware ist eine in die Geräte fest eingebettete Software, die dort grundlegende Funktionen leistet.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Intel Firmware ausnutzen, um seine Privilegien zu erhöhen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- BIOS/Firmware
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Firmware ist eine in die Ger\u00e4te fest eingebettete Software, die dort grundlegende Funktionen leistet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Intel Firmware ausnutzen, um seine Privilegien zu erh\u00f6hen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1176 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1176.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1176 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1176"
},
{
"category": "external",
"summary": "Intel Security Advisory vom 2023-05-09",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
],
"source_lang": "en-US",
"title": "Intel Firmware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-05-09T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:50:37.645+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1176",
"initial_release_date": "2023-05-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-05-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Intel Firmware Server Board BMC",
"product": {
"name": "Intel Firmware Server Board BMC",
"product_id": "T027648",
"product_identification_helper": {
"cpe": "cpe:/a:intel:firmware:server_board_bmc"
}
}
}
],
"category": "vendor",
"name": "Intel"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-22443",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Intels Firmware. Der Fehler besteht aufgrund eines Integer-\u00dcberlaufs. Ein lokaler Angreifer mit bestimmten Rechten kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"product_status": {
"known_affected": [
"T027648"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-22443"
},
{
"cve": "CVE-2023-28411",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Intels Firmware. Die Fehler bestehen aufgrund mehrerer unsachgem\u00e4\u00dfer Eingabevalidierungen, einem Double Free und einem Out of Bounds Read. Ein lokaler Angreifer mit bestimmten Privilegien kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T027648"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-28411"
},
{
"cve": "CVE-2023-25776",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Intels Firmware. Die Fehler bestehen aufgrund mehrerer unsachgem\u00e4\u00dfer Eingabevalidierungen, einem Double Free und einem Out of Bounds Read. Ein lokaler Angreifer mit bestimmten Privilegien kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T027648"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-25776"
},
{
"cve": "CVE-2023-25175",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Intels Firmware. Die Fehler bestehen aufgrund mehrerer unsachgem\u00e4\u00dfer Eingabevalidierungen, einem Double Free und einem Out of Bounds Read. Ein lokaler Angreifer mit bestimmten Privilegien kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T027648"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-25175"
},
{
"cve": "CVE-2023-24475",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Intels Firmware. Die Fehler bestehen aufgrund mehrerer unsachgem\u00e4\u00dfer Eingabevalidierungen, einem Double Free und einem Out of Bounds Read. Ein lokaler Angreifer mit bestimmten Privilegien kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T027648"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-24475"
},
{
"cve": "CVE-2023-22379",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Intels Firmware. Die Fehler bestehen aufgrund mehrerer unsachgem\u00e4\u00dfer Eingabevalidierungen, einem Double Free und einem Out of Bounds Read. Ein lokaler Angreifer mit bestimmten Privilegien kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T027648"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-22379"
},
{
"cve": "CVE-2023-25545",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Intels Firmware. Die Fehler bestehen aufgrund von mehreren \u00dcberl\u00e4ufen, einem Zugriff auf eine Speicherstelle nach dem Ende eines Puffers und einem Out-of-Bounds-Write. Ein lokaler Angreifer mit bestimmten Privilegien kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T027648"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-25545"
},
{
"cve": "CVE-2023-22661",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Intels Firmware. Die Fehler bestehen aufgrund von mehreren \u00dcberl\u00e4ufen, einem Zugriff auf eine Speicherstelle nach dem Ende eines Puffers und einem Out-of-Bounds-Write. Ein lokaler Angreifer mit bestimmten Privilegien kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T027648"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-22661"
},
{
"cve": "CVE-2023-22442",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Intels Firmware. Die Fehler bestehen aufgrund von mehreren \u00dcberl\u00e4ufen, einem Zugriff auf eine Speicherstelle nach dem Ende eines Puffers und einem Out-of-Bounds-Write. Ein lokaler Angreifer mit bestimmten Privilegien kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T027648"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-22442"
},
{
"cve": "CVE-2023-22297",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in Intels Firmware. Die Fehler bestehen aufgrund von mehreren \u00dcberl\u00e4ufen, einem Zugriff auf eine Speicherstelle nach dem Ende eines Puffers und einem Out-of-Bounds-Write. Ein lokaler Angreifer mit bestimmten Privilegien kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern."
}
],
"product_status": {
"known_affected": [
"T027648"
]
},
"release_date": "2023-05-09T22:00:00.000+00:00",
"title": "CVE-2023-22297"
}
]
}
CVE-2023-25545 (GCVE-0-2023-25545)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-92 - Improper buffer restrictions
Summary
Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:27:34.667368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:03:29.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board BMC firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.90"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-92",
"description": "Improper buffer restrictions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T13:17:04.014Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-25545",
"datePublished": "2023-05-10T13:17:04.014Z",
"dateReserved": "2023-02-15T04:00:03.037Z",
"dateUpdated": "2025-01-27T18:03:29.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25776 (GCVE-0-2023-25776)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:12.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:26:19.647845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:02:55.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board BMC firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.90"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T13:17:05.623Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-25776",
"datePublished": "2023-05-10T13:17:05.623Z",
"dateReserved": "2023-02-15T04:00:02.911Z",
"dateUpdated": "2025-01-27T18:02:55.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22297 (GCVE-0-2023-22297)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-788 - Access of memory location after end of buffer
Summary
Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:27:37.351458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:03:42.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board BMC firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.90"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-788",
"description": "Access of memory location after end of buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T13:17:03.477Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22297",
"datePublished": "2023-05-10T13:17:03.477Z",
"dateReserved": "2023-02-15T04:00:03.017Z",
"dateUpdated": "2025-01-27T18:03:42.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28411 (GCVE-0-2023-28411)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-415 - Double free
Summary
Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:26:16.904215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:02:44.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board BMC firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.90"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-415",
"description": "Double free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T13:17:06.167Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28411",
"datePublished": "2023-05-10T13:17:06.167Z",
"dateReserved": "2023-03-22T03:00:05.332Z",
"dateUpdated": "2025-01-27T18:02:44.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25175 (GCVE-0-2023-25175)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:35.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25175",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:26:14.033198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:02:32.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board BMC firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.90"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T13:17:06.661Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-25175",
"datePublished": "2023-05-10T13:17:06.661Z",
"dateReserved": "2023-02-15T04:00:02.876Z",
"dateUpdated": "2025-01-27T18:02:32.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22379 (GCVE-0-2023-22379)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-20 - Improper input validation
Summary
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:26:22.584952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:03:07.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board BMC firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.90"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-20",
"description": "Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T13:17:05.067Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22379",
"datePublished": "2023-05-10T13:17:05.067Z",
"dateReserved": "2023-02-15T04:00:02.990Z",
"dateUpdated": "2025-01-27T18:03:07.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22443 (GCVE-0-2023-22443)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
- CWE-680 - Integer overflow
Summary
Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:26:08.347759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:02:05.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board BMC firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.90"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en"
},
{
"cweId": "CWE-680",
"description": "Integer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T13:17:08.741Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22443",
"datePublished": "2023-05-10T13:17:08.741Z",
"dateReserved": "2023-02-01T04:00:02.602Z",
"dateUpdated": "2025-01-27T18:02:05.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24475 (GCVE-0-2023-24475)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
- CWE-125 - Out-of-bounds read
Summary
Out of bounds read in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:26:11.198233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:02:21.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board BMC firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.90"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en"
},
{
"cweId": "CWE-125",
"description": "Out-of-bounds read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T13:17:07.225Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-24475",
"datePublished": "2023-05-10T13:17:07.225Z",
"dateReserved": "2023-02-15T04:00:02.948Z",
"dateUpdated": "2025-01-27T18:02:21.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22661 (GCVE-0-2023-22661)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-120 - Buffer overflow
Summary
Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:13:49.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:27:40.160374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:03:54.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board BMC firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.90"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T13:17:02.969Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22661",
"datePublished": "2023-05-10T13:17:02.969Z",
"dateReserved": "2023-02-15T04:00:02.854Z",
"dateUpdated": "2025-01-27T18:03:54.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22442 (GCVE-0-2023-22442)
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2025-01-27 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
- CWE-787 - Out-of-bounds Write
Summary
Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Server Board BMC firmware |
Version: before version 2.90 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22442",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:26:25.281309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:03:18.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Server Board BMC firmware",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2.90"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T13:17:04.514Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22442",
"datePublished": "2023-05-10T13:17:04.514Z",
"dateReserved": "2023-02-01T04:00:02.805Z",
"dateUpdated": "2025-01-27T18:03:18.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…