Vulnerability-Lookup

CERTFR-2024-AVI-0124

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	ACAT software maintenu par Intel versions antérieures à 2.0.0
Intel	N/A	Arm DS software pour Intel SoC FPGA versions antérieures à 2022.2
Intel	N/A	Tous les processeurs Intel Core de 6e, 7e, 8e ou 9e génération avec le pilote Intel Thunderbolt DCH toutes versions
Intel	N/A	Installation software pour Administrative Tools pour Intel Network Adapters versions antérieures à 28.2
Intel	N/A	Installation software pour Intel Ethernet Adapter Complete Driver Pack versions antérieures à 28.2
Intel	N/A	Installation software pour Intel Ethernet Connections Boot Utility, Preboot Images et pilotes EFI s versions antérieures à 28.2
Intel	N/A	Intel Advisor pour oneAPI versions antérieures à 2023.2.0
Intel	N/A	Intel Battery Life Diagnostic Tool software versions antérieures à 2.3.1
Intel	N/A	Intel Binary Configuration Tool software versions antérieures à 3.4.4
Intel	N/A	Intel CIP software versions antérieures à 2.4.10577
Intel	N/A	Intel Chipset Driver Software versions antérieures à 10.1.19444.8378
Intel	N/A	Intel Cluster Checker 2021.7.3
Intel	N/A	Intel DSA software versions antérieures à 23.4.33
Intel	N/A	Intel Distribution pour Python 2023.1
Intel	N/A	Intel IPP Cryptography versions antérieures à 2021.8.0
Intel	N/A	Intel ISPC versions antérieures à 1.21.0
Intel	N/A	Intel Inspector pour oneAPI versions antérieures à 2023.2.0
Intel	N/A	Intel Integrated Performance Primitives 2021.9.0
Intel	N/A	Micrologiciel du contrôleur Intel JHL8440 Thunderbolt 4 versions antérieures à 41
Intel	N/A	Intel MAS software versions antérieures à 2.3
Intel	N/A	Intel MPI Library software versions antérieures à 2021.11
Intel	N/A	Intel MPI Library versions antérieures à 2021.10.0
Intel	N/A	Intel OFU software versions antérieures à 14.1.31
Intel	N/A	Intel Optane PMem 100 Series management software versions antérieures à 01.00.00.3547
Intel	N/A	Intel Optane PMem 200 Series management software versions antérieures à 02.00.00.3915
Intel	N/A	Intel Optane PMem 300 Series management software versions antérieures à 03.00.00.0483
Intel	N/A	Intel Optimization pour TensorFlow versions antérieures à 2.13.0
Intel	N/A	Intel PCM software versions antérieures à 202307
Intel	N/A	Intel PM software toutes versions
Intel	N/A	Intel PROSet/Wireless Wi-Fi software versions antérieures à 22.240
Intel	N/A	Intel Killer Wi-Fi software version antérieures à 3.1423.712
Intel	N/A	Pilotes Intel QAT software pour Windows versions antérieures à QAT1.7-W-1.11.0
Intel	N/A	Intel QSFP+ Configuration Utility software toutes versions
Intel	N/A	Intel SDK pour OpenCL Applications software toutes versions
Intel	N/A	Intel SGX DCAP software pour Windows versions antérieures à 1.19.100.3
Intel	N/A	Intel SPS versions antérieures à SPS_E5_06.01.04.002.0
Intel	N/A	Intel SSU software versions antérieures à 3.0.0.2
Intel	N/A	Intel SUR software versions antérieures à 2.4.10587
Intel	N/A	Intel System Usage Report pour Gameplay Software version 2.0.1901
Intel	N/A	Pilote Intel Thunderbolt DCH pour Windows versions antérieures à 88
Intel	N/A	Intel Trace Analyzer and Collector 2021.10.0
Intel	N/A	Intel Unison software versions antérieures à C15
Intel	N/A	Intel Unite Client software versions antérieures à 4.2.35041
Intel	N/A	Intel VROC software versions antérieures à 8.0.8.1001
Intel	N/A	Intel VTune Profiler pour oneAPI versions antérieures à 2023.2.0
Intel	N/A	Intel XTU software versions antérieures à 7.12.0.29
Intel	N/A	Intel oneAPI AI Analytics Toolkit 2023.2
Intel	N/A	Intel oneAPI Base Toolkit versions antérieures à 2023.2.0
Intel	N/A	Intel oneAPI Deep Neural Network Library versions antérieures à 2023.2.0
Intel	N/A	Intel oneAPI HPC Toolkit versions antérieures à 2023.2.0
Intel	N/A	Intel oneAPI IoT Toolkit versions antérieures à 2023.2.0.
Intel	N/A	Intel oneAPI Math Kernel Library versions antérieures à 2023.2.0.
Intel	N/A	Intel oneAPI Threading Building Blocks versions antérieures à 2021.10.0.
Intel	N/A	Intel oneAPI Toolkit et du programme d'installation des composants versions antérieures à 4.3.2
Intel	N/A	Sapphire Rapids Eagle Stream avec les processeurs Intel Xeon Scalable de 4e génération versions antérieures à PLR4 Release

References

Title

Publication Time

Tags

Bulletin de sécurité Intel INTEL-SA-01004 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00947 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00992 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00956 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00969 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00993 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00981 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01003 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00987 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01006 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00959 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01014 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00967 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00954 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00913 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01005 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00998 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00994 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00927 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00851 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00948 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00988 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01011 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00958 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00903 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-01000 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00973 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00974 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00928 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00953 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00955 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00930 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00895 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Intel INTEL-SA-00922 du 13 février 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ACAT software maintenu par Intel versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Arm DS software pour Intel SoC FPGA versions ant\u00e9rieures \u00e0 2022.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Tous les processeurs Intel Core de 6e, 7e, 8e ou 9e g\u00e9n\u00e9ration avec le pilote Intel Thunderbolt DCH toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Installation software pour Administrative Tools pour Intel Network Adapters versions ant\u00e9rieures \u00e0 28.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Installation software pour Intel Ethernet Adapter Complete Driver Pack versions ant\u00e9rieures \u00e0 28.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Installation software pour Intel Ethernet Connections Boot Utility, Preboot Images et pilotes EFI s versions ant\u00e9rieures \u00e0 28.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Advisor pour oneAPI versions ant\u00e9rieures \u00e0 2023.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Battery Life Diagnostic Tool software versions ant\u00e9rieures \u00e0 2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Binary Configuration Tool software versions ant\u00e9rieures \u00e0 3.4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CIP software versions ant\u00e9rieures \u00e0 2.4.10577",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Chipset Driver Software versions ant\u00e9rieures \u00e0 10.1.19444.8378",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Cluster Checker 2021.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel DSA software versions ant\u00e9rieures \u00e0 23.4.33",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Distribution pour Python 2023.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel IPP Cryptography versions ant\u00e9rieures \u00e0 2021.8.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel ISPC versions ant\u00e9rieures \u00e0 1.21.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Inspector pour oneAPI versions ant\u00e9rieures \u00e0 2023.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Integrated Performance Primitives 2021.9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Micrologiciel du contr\u00f4leur Intel JHL8440 Thunderbolt 4 versions ant\u00e9rieures \u00e0 41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel MAS software versions ant\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel MPI Library software versions ant\u00e9rieures \u00e0 2021.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel MPI Library versions ant\u00e9rieures \u00e0 2021.10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel OFU software versions ant\u00e9rieures \u00e0 14.1.31",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Optane PMem 100 Series management software versions ant\u00e9rieures \u00e0 01.00.00.3547",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Optane PMem 200 Series management software versions ant\u00e9rieures \u00e0 02.00.00.3915",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Optane PMem 300 Series management software versions ant\u00e9rieures \u00e0 03.00.00.0483",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Optimization pour TensorFlow versions ant\u00e9rieures \u00e0 2.13.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel PCM software versions ant\u00e9rieures \u00e0 202307",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel PM software toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel PROSet/Wireless Wi-Fi software versions ant\u00e9rieures \u00e0 22.240",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Killer Wi-Fi software version ant\u00e9rieures \u00e0 3.1423.712",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Pilotes Intel QAT software pour Windows versions ant\u00e9rieures \u00e0 QAT1.7-W-1.11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel QSFP+ Configuration Utility software toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SDK pour OpenCL Applications software toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SGX DCAP software pour Windows versions ant\u00e9rieures \u00e0 1.19.100.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SPS versions ant\u00e9rieures \u00e0 SPS_E5_06.01.04.002.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SSU software versions ant\u00e9rieures \u00e0 3.0.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SUR software versions ant\u00e9rieures \u00e0 2.4.10587",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel System Usage Report pour Gameplay Software version 2.0.1901",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Pilote Intel Thunderbolt DCH pour Windows versions ant\u00e9rieures \u00e0 88",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Trace Analyzer and Collector 2021.10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Unison software versions ant\u00e9rieures \u00e0 C15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Unite Client software versions ant\u00e9rieures \u00e0 4.2.35041",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel VROC software versions ant\u00e9rieures \u00e0 8.0.8.1001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel VTune Profiler pour oneAPI versions ant\u00e9rieures \u00e0 2023.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel XTU software versions ant\u00e9rieures \u00e0 7.12.0.29",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI AI Analytics Toolkit 2023.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI Base Toolkit versions ant\u00e9rieures \u00e0 2023.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI Deep Neural Network Library versions ant\u00e9rieures \u00e0 2023.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI HPC Toolkit versions ant\u00e9rieures \u00e0 2023.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI IoT Toolkit versions ant\u00e9rieures \u00e0 2023.2.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI Math Kernel Library versions ant\u00e9rieures \u00e0 2023.2.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI Threading Building Blocks versions ant\u00e9rieures \u00e0 2021.10.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel oneAPI Toolkit et du programme d\u0027installation des composants versions ant\u00e9rieures \u00e0 4.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Sapphire Rapids Eagle Stream avec les processeurs Intel Xeon Scalable de 4e g\u00e9n\u00e9ration versions ant\u00e9rieures \u00e0 PLR4 Release",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-27307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27307"
    },
    {
      "name": "CVE-2023-25174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25174"
    },
    {
      "name": "CVE-2023-33875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33875"
    },
    {
      "name": "CVE-2023-28374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28374"
    },
    {
      "name": "CVE-2023-34315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34315"
    },
    {
      "name": "CVE-2023-38135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38135"
    },
    {
      "name": "CVE-2023-40161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40161"
    },
    {
      "name": "CVE-2023-32280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32280"
    },
    {
      "name": "CVE-2022-43703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43703"
    },
    {
      "name": "CVE-2023-39432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39432"
    },
    {
      "name": "CVE-2023-22293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22293"
    },
    {
      "name": "CVE-2023-35121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35121"
    },
    {
      "name": "CVE-2023-35062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35062"
    },
    {
      "name": "CVE-2023-33870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33870"
    },
    {
      "name": "CVE-2023-31189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31189"
    },
    {
      "name": "CVE-2023-28396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28396"
    },
    {
      "name": "CVE-2023-25073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25073"
    },
    {
      "name": "CVE-2023-26596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26596"
    },
    {
      "name": "CVE-2023-26592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26592"
    },
    {
      "name": "CVE-2023-28715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28715"
    },
    {
      "name": "CVE-2023-34983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34983"
    },
    {
      "name": "CVE-2023-38561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38561"
    },
    {
      "name": "CVE-2023-38566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38566"
    },
    {
      "name": "CVE-2023-32647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32647"
    },
    {
      "name": "CVE-2023-35769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35769"
    },
    {
      "name": "CVE-2023-28739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28739"
    },
    {
      "name": "CVE-2023-39425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39425"
    },
    {
      "name": "CVE-2023-28407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28407"
    },
    {
      "name": "CVE-2023-35060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35060"
    },
    {
      "name": "CVE-2023-29153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29153"
    },
    {
      "name": "CVE-2023-22390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22390"
    },
    {
      "name": "CVE-2023-24542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24542"
    },
    {
      "name": "CVE-2022-43701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43701"
    },
    {
      "name": "CVE-2023-41252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41252"
    },
    {
      "name": "CVE-2023-27517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27517"
    },
    {
      "name": "CVE-2023-26591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26591"
    },
    {
      "name": "CVE-2023-28745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28745"
    },
    {
      "name": "CVE-2023-2804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2804"
    },
    {
      "name": "CVE-2023-27300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27300"
    },
    {
      "name": "CVE-2023-24463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24463"
    },
    {
      "name": "CVE-2023-35003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35003"
    },
    {
      "name": "CVE-2023-35061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35061"
    },
    {
      "name": "CVE-2023-32644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32644"
    },
    {
      "name": "CVE-2023-25779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25779"
    },
    {
      "name": "CVE-2023-39941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39941"
    },
    {
      "name": "CVE-2023-26585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26585"
    },
    {
      "name": "CVE-2023-27308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27308"
    },
    {
      "name": "CVE-2023-29162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29162"
    },
    {
      "name": "CVE-2023-24591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24591"
    },
    {
      "name": "CVE-2023-34351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34351"
    },
    {
      "name": "CVE-2023-22342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22342"
    },
    {
      "name": "CVE-2023-26586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26586"
    },
    {
      "name": "CVE-2023-36490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36490"
    },
    {
      "name": "CVE-2023-25769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25769"
    },
    {
      "name": "CVE-2023-41231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41231"
    },
    {
      "name": "CVE-2022-43702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43702"
    },
    {
      "name": "CVE-2023-41091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41091"
    },
    {
      "name": "CVE-2023-36493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36493"
    },
    {
      "name": "CVE-2023-27301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27301"
    },
    {
      "name": "CVE-2023-32651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32651"
    },
    {
      "name": "CVE-2023-41090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41090"
    },
    {
      "name": "CVE-2023-32642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32642"
    },
    {
      "name": "CVE-2023-25951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25951"
    },
    {
      "name": "CVE-2023-30767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30767"
    },
    {
      "name": "CVE-2023-31271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31271"
    },
    {
      "name": "CVE-2023-22311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22311"
    },
    {
      "name": "CVE-2023-32646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32646"
    },
    {
      "name": "CVE-2023-42776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42776"
    },
    {
      "name": "CVE-2023-39932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39932"
    },
    {
      "name": "CVE-2023-25777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25777"
    },
    {
      "name": "CVE-2023-22848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22848"
    },
    {
      "name": "CVE-2023-25945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25945"
    },
    {
      "name": "CVE-2023-24589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24589"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2023-40154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40154"
    },
    {
      "name": "CVE-2023-32618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32618"
    },
    {
      "name": "CVE-2023-27303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27303"
    },
    {
      "name": "CVE-2023-40156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40156"
    },
    {
      "name": "CVE-2023-24481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24481"
    },
    {
      "name": "CVE-2023-28720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28720"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0124",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Intel\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01004 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01004.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00947 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00992 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00992.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00956 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00956.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00969 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00969.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00993 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00993.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00981 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00981.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01003 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01003.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00987 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00987.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01006 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00959 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00959.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01014 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01014.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00967 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00967.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00954 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00954.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00913 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00913.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01005 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01005.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00998 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00998.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00994 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00994.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00927 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00927.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00851 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00948 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00988 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00988.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01011 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01011.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00958 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00958.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00903 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00903.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01000 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01000.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00973 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00973.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00974 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00974.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00928 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00928.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00953 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00953.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00955 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00955.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00930 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00895 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00895.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00922 du 13 f\u00e9vrier 2024",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00922.html"
    }
  ]
}

CVE-2022-43701 (GCVE-0-2022-43701)

Vulnerability from cvelistv5 – Published: 2023-07-27 21:28 – Updated: 2025-02-13 16:33

Title

Insecure directory permissions on installer files

Summary

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-276 - Incorrect Default Permissions

Assigner

Arm

References

2 references

URL	Tags
https://developer.arm.com/documentation/ka005596/latest
https://www.intel.com/content/www/us/en/security-…

Impacted products

1 product

Vendor	Product	Version
Arm Ltd	Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)	Affected: AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases

Date Public

2023-07-05 08:00

Credits

FalconCorruption Intel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:40:06.204Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://developer.arm.com/documentation/ka005596/latest"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-43701",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T18:00:57.294499Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-24T18:02:56.608Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "installer"
          ],
          "product": "Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)",
          "vendor": "Arm Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To exploit this an attacker must have write access to the location where the software development tool is installed.\n\n\u003cbr\u003e"
            }
          ],
          "value": "To exploit this an attacker must have write access to the location where the software development tool is installed."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "FalconCorruption"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Intel"
        }
      ],
      "datePublic": "2023-07-05T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eWhen the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.\u003c/p\u003e"
            }
          ],
          "value": "When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T20:05:57.062Z",
        "orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
        "shortName": "Arm"
      },
      "references": [
        {
          "url": "https://developer.arm.com/documentation/ka005596/latest"
        },
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Insecure directory permissions on  installer files",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "arm-security@arm.com",
          "ID": "CVE-2023-43701",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Arm Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "5.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper directory permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.arm.com/documentation/ka005596/latest",
              "refsource": "MISC",
              "url": "https://developer.arm.com/documentation/ka005596/latest"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
    "assignerShortName": "Arm",
    "cveId": "CVE-2022-43701",
    "datePublished": "2023-07-27T21:28:08.461Z",
    "dateReserved": "2022-10-24T04:30:23.044Z",
    "dateUpdated": "2025-02-13T16:33:37.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-43702 (GCVE-0-2022-43702)

Vulnerability from cvelistv5 – Published: 2023-07-27 21:47 – Updated: 2025-02-13 16:33

Title

Incomplete verification of installation file signature

Summary

When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.

Severity

No CVSS data available.

CWE

CWE-284 - Improper access control

Assigner

Arm

References

2 references

URL	Tags
https://developer.arm.com/documentation/ka005596/latest
https://www.intel.com/content/www/us/en/security-…

Impacted products

1 product

Vendor	Product	Version
Arm Ltd	Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)	Affected: AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases

Date Public

2023-07-05 08:00

Credits

FalconCorruption Intel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:40:06.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://developer.arm.com/documentation/ka005596/latest"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-43702",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-14T16:45:34.042437Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-03T15:24:49.493Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "installer"
          ],
          "product": "Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)",
          "vendor": "Arm Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To exploit this an attacker must have write access to one of the installer\u0027s files.\n\n\u003cbr\u003e"
            }
          ],
          "value": "To exploit this an attacker must have write access to one of the installer\u0027s files."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "FalconCorruption"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Intel"
        }
      ],
      "datePublic": "2023-07-05T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eWhen the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.\u003c/p\u003e"
            }
          ],
          "value": "When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T20:05:58.914Z",
        "orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
        "shortName": "Arm"
      },
      "references": [
        {
          "url": "https://developer.arm.com/documentation/ka005596/latest"
        },
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Incomplete verification of installation file signature",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "arm-security@arm.com",
          "ID": "CVE-2023-43702",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Arm Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "5.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper directory permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.arm.com/documentation/ka005596/latest",
              "refsource": "MISC",
              "url": "https://developer.arm.com/documentation/ka005596/latest"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
    "assignerShortName": "Arm",
    "cveId": "CVE-2022-43702",
    "datePublished": "2023-07-27T21:47:25.882Z",
    "dateReserved": "2022-10-24T04:30:23.044Z",
    "dateUpdated": "2025-02-13T16:33:37.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-43703 (GCVE-0-2022-43703)

Vulnerability from cvelistv5 – Published: 2023-07-27 21:52 – Updated: 2025-02-13 16:33

Title

Incomplete verification of installation file signature

Summary

An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.

Severity

No CVSS data available.

CWE

CWE-427 - Uncontrolled Search Path Element

Assigner

Arm

References

2 references

URL	Tags
https://developer.arm.com/documentation/ka005596/latest
https://www.intel.com/content/www/us/en/security-…

Impacted products

1 product

Vendor	Product	Version
Arm Ltd	Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)	Affected: AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases

Date Public

2023-07-05 08:00

Credits

FalconCorruption Intel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:40:06.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://developer.arm.com/documentation/ka005596/latest"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "installer"
          ],
          "product": "Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)",
          "vendor": "Arm Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To exploit this an attacker must have write access to add or replace files in the installer\u0027s search path.\n\n\u003cbr\u003e"
            }
          ],
          "value": "To exploit this an attacker must have write access to add or replace files in the installer\u0027s search path."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "FalconCorruption"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Intel"
        }
      ],
      "datePublic": "2023-07-05T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.\u003c/p\u003e"
            }
          ],
          "value": "An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T20:05:55.283Z",
        "orgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
        "shortName": "Arm"
      },
      "references": [
        {
          "url": "https://developer.arm.com/documentation/ka005596/latest"
        },
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Incomplete verification of installation file signature",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "arm-security@arm.com",
          "ID": "CVE-2023-43703",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "AC5 All Releases, AC6 Releases prior to 6.20, ACEF All Releases, ADS All Releases, AF Releases prior to 22.1, AMS All releases, DS5 All Releases, FM All Releases, GT All Releases, KMDK All Releases, MS All Releases"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Arm Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "5.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Uncontrolled Search Path When Executing Installer"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://developer.arm.com/documentation/ka005596/latest",
              "refsource": "MISC",
              "url": "https://developer.arm.com/documentation/ka005596/latest"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846",
    "assignerShortName": "Arm",
    "cveId": "CVE-2022-43703",
    "datePublished": "2023-07-27T21:52:29.229Z",
    "dateReserved": "2022-10-24T04:30:23.044Z",
    "dateUpdated": "2025-02-13T16:33:38.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22293 (GCVE-0-2023-22293)

Vulnerability from cvelistv5 – Published: 2024-02-14 13:37 – Updated: 2025-05-12 14:57

Summary

Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

escalation of privilege
CWE-284 - Improper access control

Assigner

intel

References

1 reference

URL	Tags
https://www.intel.com/content/www/us/en/security-…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Thunderbolt(TM) DCH drivers for Windows	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:05.759Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22293",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T20:08:23.927316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T14:57:51.222Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Thunderbolt(TM) DCH drivers for Windows",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control in the Intel(R) Thunderbolt(TM) DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "escalation of privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-284",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-14T13:37:39.054Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-22293",
    "datePublished": "2024-02-14T13:37:39.054Z",
    "dateReserved": "2023-02-24T04:00:02.206Z",
    "dateUpdated": "2025-05-12T14:57:51.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22311 (GCVE-0-2023-22311)

Vulnerability from cvelistv5 – Published: 2024-02-14 13:38 – Updated: 2025-05-12 14:58

Summary

Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access.

Severity

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

escalation of privilege
CWE-284 - Improper access control

Assigner

intel

References

1 reference

URL	Tags
https://www.intel.com/content/www/us/en/security-…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Optane(TM) PMem 100 Series Management Software	Affected: before version 01.00.00.3547

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:05.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22311",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-21T20:34:54.925511Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T14:58:35.716Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Optane(TM) PMem 100 Series Management Software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 01.00.00.3547"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "escalation of privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-284",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-14T13:38:00.411Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-22311",
    "datePublished": "2024-02-14T13:38:00.411Z",
    "dateReserved": "2023-01-27T04:00:04.114Z",
    "dateUpdated": "2025-05-12T14:58:35.716Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22342 (GCVE-0-2023-22342)

Vulnerability from cvelistv5 – Published: 2024-02-14 13:37 – Updated: 2025-05-12 14:59

Summary

Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.

Severity

7.7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

CWE

escalation of privilege
CWE-20 - Improper input validation

Assigner

intel

References

1 reference

URL	Tags
https://www.intel.com/content/www/us/en/security-…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Thunderbolt(TM) DCH drivers for Windows	Affected: before version 88

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:06.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22342",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T15:45:16.900675Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T14:59:00.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Thunderbolt(TM) DCH drivers for Windows",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 88"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "escalation of privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-20",
              "description": "Improper input validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-14T13:37:40.161Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-22342",
    "datePublished": "2024-02-14T13:37:40.161Z",
    "dateReserved": "2023-02-24T04:00:02.129Z",
    "dateUpdated": "2025-05-12T14:59:00.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22390 (GCVE-0-2023-22390)

Vulnerability from cvelistv5 – Published: 2024-02-14 13:37 – Updated: 2024-08-26 13:17

Summary

Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

information disclosure
CWE-92 - Improper buffer restrictions

Assigner

intel

References

1 reference

URL	Tags
https://www.intel.com/content/www/us/en/security-…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Thunderbolt(TM) DCH drivers for Windows	Affected: before version 88

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:06.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22390",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-26T13:17:12.397254Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T13:17:20.089Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Thunderbolt(TM) DCH drivers for Windows",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 88"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-92",
              "description": "Improper buffer restrictions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-14T13:37:41.817Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-22390",
    "datePublished": "2024-02-14T13:37:41.817Z",
    "dateReserved": "2023-02-28T04:00:03.257Z",
    "dateUpdated": "2024-08-26T13:17:20.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22848 (GCVE-0-2023-22848)

Vulnerability from cvelistv5 – Published: 2024-02-14 13:37 – Updated: 2024-08-16 19:47

Summary

Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

denial of service
CWE-284 - Improper access control

Assigner

intel

References

1 reference

URL	Tags
https://www.intel.com/content/www/us/en/security-…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Thunderbolt(TM) DCH drivers for Windows	Affected: before version 88

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:20:30.914Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22848",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-16T19:47:44.004003Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-16T19:47:52.822Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Thunderbolt(TM) DCH drivers for Windows",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 88"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en"
            },
            {
              "cweId": "CWE-284",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-14T13:37:43.471Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-22848",
    "datePublished": "2024-02-14T13:37:43.471Z",
    "dateReserved": "2023-02-28T04:00:03.238Z",
    "dateUpdated": "2024-08-16T19:47:52.822Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24463 (GCVE-0-2023-24463)

Vulnerability from cvelistv5 – Published: 2024-02-14 13:37 – Updated: 2024-08-02 10:56

Summary

Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

information disclosure
CWE-20 - Improper input validation

Assigner

intel

References

1 reference

URL	Tags
https://www.intel.com/content/www/us/en/security-…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Thunderbolt(TM) DCH drivers for Windows	Affected: before version 88

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24463",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-14T18:42:02.231157Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:21:22.999Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:56:04.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Thunderbolt(TM) DCH drivers for Windows",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 88"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-20",
              "description": "Improper input validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-14T13:37:45.613Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-24463",
    "datePublished": "2024-02-14T13:37:45.613Z",
    "dateReserved": "2023-03-01T18:23:25.262Z",
    "dateUpdated": "2024-08-02T10:56:04.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24481 (GCVE-0-2023-24481)

Vulnerability from cvelistv5 – Published: 2024-02-14 13:37 – Updated: 2025-05-08 15:23

Summary

Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.

Severity

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CWE

escalation of privilege
CWE-284 - Improper access control

Assigner

intel

References

1 reference

URL	Tags
https://www.intel.com/content/www/us/en/security-…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Thunderbolt(TM) DCH drivers for Windows	Affected: before version 88

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:56:04.224Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24481",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T15:22:24.450192Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T15:23:15.484Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Thunderbolt(TM) DCH drivers for Windows",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 88"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "escalation of privilege",
              "lang": "en"
            },
            {
              "cweId": "CWE-284",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-14T13:37:42.366Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00851.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-24481",
    "datePublished": "2024-02-14T13:37:42.366Z",
    "dateReserved": "2023-02-28T04:00:03.304Z",
    "dateUpdated": "2025-05-08T15:23:15.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2024-AVI-0124

Solution

CVE-2022-43701 (GCVE-0-2022-43701)

CVE-2022-43702 (GCVE-0-2022-43702)

CVE-2022-43703 (GCVE-0-2022-43703)

CVE-2023-22293 (GCVE-0-2023-22293)

CVE-2023-22311 (GCVE-0-2023-22311)

CVE-2023-22342 (GCVE-0-2023-22342)

CVE-2023-22390 (GCVE-0-2023-22390)

CVE-2023-22848 (GCVE-0-2023-22848)

CVE-2023-24463 (GCVE-0-2023-24463)

CVE-2023-24481 (GCVE-0-2023-24481)

Tags

Sightings

Nomenclature