cvelistv5 - cve-2023-29500

CVE-2023-29500 (GCVE-0-2023-29500)

Vulnerability from cvelistv5 – Published: 2023-08-11 02:37 – Updated: 2024-10-02 13:28

Summary

Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE

information disclosure
CWE-200 - Exposure of sensitive information to an unauthorized actor

Assigner

intel

References

URL

Tags

http://www.intel.com/content/www/us/en/security-c…

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) NUCs	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:46.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html",
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29500",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T13:12:04.860529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T13:28:17.458Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) NUCs",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-200",
              "description": "Exposure of sensitive information to an unauthorized actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-11T02:37:20.297Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html",
          "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-29500",
    "datePublished": "2023-08-11T02:37:20.297Z",
    "dateReserved": "2023-04-13T03:00:03.850Z",
    "dateUpdated": "2024-10-02T13:28:17.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi70z_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59AE540D-F5E3-49CD-B4DE-A430488F7B2D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi70z:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83F1BB2C-00A9-44DE-ADE2-C910E12AC664\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi50z_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"505B638A-F333-470E-B810-33FC3F4F40AE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi50z:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45F55CB5-5E7C-460F-8B49-F2BA47102884\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi30z_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8604BD6-E589-4917-A572-56208C42A082\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi30z:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8756CBA9-24C8-49E0-8622-95E25DAB64AA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi3_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DDB0B56-E7F9-4C36-B010-865F1A8363F0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53358E28-1529-478C-A1DC-39F05250C749\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi5_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"649AEF04-A296-48B6-9B97-2566039808A9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"625FA81A-2E10-4910-8310-27C9577AB8D5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi7_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99A8EAEB-EBDA-41F9-94AC-EA2F3B6DFD93\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15EA0B24-5433-4188-82A4-3019247C3AE4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11paki3_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED113CB5-0FB5-4C6D-A515-C23EBB406987\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11paki3:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20B7156E-602E-4335-A0B2-A1E679194E54\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11paki5_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"764465AB-C78E-4AE0-B4C1-2D9DB51DD692\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11paki5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46277E03-FB58-4FDB-834D-50E46D634800\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11paki7_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BAE0B70-2541-4EF2-8A9E-8E46B1D917AB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11paki7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"044D872A-7C4D-45C8-9B81-B40D1B05A5A5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_performance_mini_pc_nuc11paqi50wa_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD5CE18A-073A-4B39-AD43-56657EBDD9C2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_performance_mini_pc_nuc11paqi50wa:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71878455-5816-4C4E-9595-B44DCFAAB80C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:nuc_11_performance_mini_pc_nuc11paqi70qa_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FC4813F-A447-4558-96E1-0641036F3D4A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:nuc_11_performance_mini_pc_nuc11paqi70qa:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B23996D-1C22-42DF-8752-E5490D34AD64\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.\"}]",
      "id": "CVE-2023-29500",
      "lastModified": "2024-11-21T07:57:10.947",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@intel.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 3.6}]}",
      "published": "2023-08-11T03:15:31.163",
      "references": "[{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secure@intel.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-29500\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2023-08-11T03:15:31.163\",\"lastModified\":\"2024-11-21T07:57:10.947\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi70z_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59AE540D-F5E3-49CD-B4DE-A430488F7B2D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi70z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83F1BB2C-00A9-44DE-ADE2-C910E12AC664\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi50z_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"505B638A-F333-470E-B810-33FC3F4F40AE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi50z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45F55CB5-5E7C-460F-8B49-F2BA47102884\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi30z_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8604BD6-E589-4917-A572-56208C42A082\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi30z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8756CBA9-24C8-49E0-8622-95E25DAB64AA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi3_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DDB0B56-E7F9-4C36-B010-865F1A8363F0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53358E28-1529-478C-A1DC-39F05250C749\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi5_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"649AEF04-A296-48B6-9B97-2566039808A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"625FA81A-2E10-4910-8310-27C9577AB8D5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi7_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99A8EAEB-EBDA-41F9-94AC-EA2F3B6DFD93\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15EA0B24-5433-4188-82A4-3019247C3AE4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11paki3_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED113CB5-0FB5-4C6D-A515-C23EBB406987\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11paki3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20B7156E-602E-4335-A0B2-A1E679194E54\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11paki5_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"764465AB-C78E-4AE0-B4C1-2D9DB51DD692\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11paki5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46277E03-FB58-4FDB-834D-50E46D634800\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_performance_kit_nuc11paki7_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BAE0B70-2541-4EF2-8A9E-8E46B1D917AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_performance_kit_nuc11paki7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"044D872A-7C4D-45C8-9B81-B40D1B05A5A5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_performance_mini_pc_nuc11paqi50wa_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD5CE18A-073A-4B39-AD43-56657EBDD9C2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_performance_mini_pc_nuc11paqi50wa:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71878455-5816-4C4E-9595-B44DCFAAB80C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:nuc_11_performance_mini_pc_nuc11paqi70qa_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FC4813F-A447-4558-96E1-0641036F3D4A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:nuc_11_performance_mini_pc_nuc11paqi70qa:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B23996D-1C22-42DF-8752-E5490D34AD64\"}]}]}],\"references\":[{\"url\":\"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html\", \"name\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:07:46.318Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-29500\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-02T13:12:04.860529Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-02T13:28:13.784Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Intel(R) NUCs\", \"versions\": [{\"status\": \"affected\", \"version\": \"See references\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html\", \"name\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"information disclosure\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"Exposure of sensitive information to an unauthorized actor\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2023-08-11T02:37:20.297Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-29500\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-02T13:28:17.458Z\", \"dateReserved\": \"2023-04-13T03:00:03.850Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2023-08-11T02:37:20.297Z\", \"assignerShortName\": \"intel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0640

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Intel SSD Tools software versions antérieures à mdadm-4.2-rc2
Intel BIOS PCSD BIOS versions antérieures à 02.01.0013
Intel logiciel PROSet/Wireless WiFi versions antérieures à 22.200
Intel Converged Security Management Engine (CSME) sans les correctifs de sécurité du 08 août 2023
Intel Active Management Technology (AMT) sans les correctifs de sécurité du 08 août 2023
Intel Standard Manageability software sans les correctifs de sécurité du 08 août 2023
Pilote RDMA des Contrôleurs Ethernet Intel pour linux versions antérieures à 1.9.30
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11ème à 13ème générations) versions antérieures à 19.5.2.1049.5
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10ème et 11ème générations) versions antérieures à 18.7.6.1010.3
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8ème et 9ème générations) versions antérieures à 17.11.3.1010.2
Interface utilisateur Intel RST et pilotes versions antérieures à 16.8.5.1014.5
Suite de logiciels Intel Quartus Prime Pro pour Linux before versions antérieures à 22.4
Suite de logiciels Intel Quartus Prime Standard pour Linux versions antérieures à 22.1STD
Cartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et décembre 2022
Séries de processeurs Intel Atom, Xeon, Core de 7ème à 11ème générations, Celeron, Pentium et Core séries X sans les correctifs de sécurité du 08 août 2023
Logiciel d'exécution Intel oneVPL GPU versions antérieures à 22.6.5
Client Intel Unite pour Mac versions antérieures à 4.2.11
Ensemble de logiciels Intel Unite pour Windows versions antérieures à 4.2.34962
Séries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de sécurité du 08 août 2023
Pilotes infrarouge ITE Tech consumer pour terminaux NUC versions antérieures à 5.5.2.1
System Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.
Utilitaire de mise à jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems basé sur les jeux de puces 621A
Séries de contrôleurs Ethernet et adaptateurs E810 (Columbiaville) versions antérieures à 1.7.2.4
Logiciel Intel Optimization for TensorFlow versions antérieures à 2.12
Distribution Intel des outils OpenVINO versions antérieures à 2022.3.0
Outils Intel VCUST téléchargés avant le 03 février 2023 sans le correctif de sécurité du 08 août 2023
logiciel Intel VROC versions antérieures à 8.0.0.4035
Logiciel d'installation d'Intel Advanced Link Analyzer Standard Edition versions antérieures à 22.1.1
Logiciel d'installation Intel ISPC software pour Windows versions antérieures à 1.19.0
Logiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions antérieures à 22.4
Logiciel Intel Easy Streaming Wizard toutes versions [1]
Application Android Intel Support versions antérieures à v23.02.07
Suite logicielle Intel NUC Pro pour Windows versions antérieures à 2.0.0.9
Logiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions antérieures à 22.220 HF
Logiciel Intel oneMKL versions antérieures à 2022.0
Logiciel Intel DTT versions antérieures à 8.7.10801.25109
Logiciel Intel AI Hackathon versions antérieures à 2.0.0
Logiciel Intel DSA versions antérieures à 23.1.9
Bibliothèque Hyperscan maintenue par Intel versions antérieures à 5.4.1
Outils Intel oneAPI versions antérieures à 2023.1.0
BIOS de cartes mères de terminaux NUC sans les correctifs de sécurité du 08 août 2023
Logiciel Intel Manageability Commander versions antérieures à 2.3
Logiciel Intel Unison versions antérieures à 10.12
Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Microsoft versions antérieures à 3.0
Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Linux versions antérieures à 1.13.4
Logiciel Intel SDP Tool versions antérieures à 1.4 build 5
Outils de développement Intel PSR versions antérieures à 1.0.0.20
Logiciel Intel RealSense ID pour Intel RealSense 450 FA versions antérieures à 0.25
Application Android Intel Unite versions antérieures à 4.2.3504
Logiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]
Logiciel Intel ITS versions antérieures à 3.1
Outils de développement Intel RealSense versions antérieures à 2.53.1

[1] : L'éditeur indique que le logiciel Intel Easy Streaming Wizard n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible

[2] : L'éditeur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00846 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00844 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00897 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00893 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00899 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00828 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00813 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00912 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00859 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00932 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00812 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00892 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00934 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00795 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00938 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00826 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00862 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00818 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00836 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00840 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00873 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00742 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00794 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00766 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00879 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00905 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00837 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00783 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00830 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00842 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00877 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00848 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00829 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00917 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00946 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00800 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00890 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00850 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00849 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00868 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00878 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00907 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00690 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00875 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00872 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00835 du 08 août 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eIntel SSD Tools software versions ant\u00e9rieures \u00e0 mdadm-4.2-rc2\u003c/li\u003e \u003cli\u003eIntel BIOS PCSD BIOS versions ant\u00e9rieures \u00e0 02.01.0013\u003c/li\u003e \u003cli\u003eIntel logiciel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 22.200\u003c/li\u003e \u003cli\u003eIntel Converged Security Management Engine (CSME) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Active Management Technology (AMT) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Standard Manageability software sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilote RDMA des Contr\u00f4leurs Ethernet Intel pour linux versions ant\u00e9rieures \u00e0 1.9.30\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11\u00e8me \u00e0 13\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 19.5.2.1049.5\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10\u00e8me et 11\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 18.7.6.1010.3\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8\u00e8me et 9\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 17.11.3.1010.2\u003c/li\u003e \u003cli\u003eInterface utilisateur Intel RST et pilotes versions ant\u00e9rieures \u00e0 16.8.5.1014.5\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Pro pour Linux before versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Standard pour Linux versions ant\u00e9rieures \u00e0 22.1STD\u003c/li\u003e \u003cli\u003eCartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et d\u00e9cembre 2022\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core de 7\u00e8me \u00e0 11\u00e8me g\u00e9n\u00e9rations, Celeron, Pentium et Core s\u00e9ries X sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel d\u0027ex\u00e9cution Intel oneVPL GPU versions ant\u00e9rieures \u00e0 22.6.5\u003c/li\u003e \u003cli\u003eClient Intel Unite pour Mac versions ant\u00e9rieures \u00e0 4.2.11\u003c/li\u003e \u003cli\u003eEnsemble de logiciels Intel Unite pour Windows versions ant\u00e9rieures \u00e0 4.2.34962\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilotes infrarouge ITE Tech consumer pour terminaux NUC versions ant\u00e9rieures \u00e0 5.5.2.1\u003c/li\u003e \u003cli\u003eSystem Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.\u003c/li\u003e \u003cli\u003eUtilitaire de mise \u00e0 jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems bas\u00e9 sur les jeux de puces 621A\u003c/li\u003e \u003cli\u003eS\u00e9ries de contr\u00f4leurs Ethernet et adaptateurs E810 (Columbiaville) versions ant\u00e9rieures \u00e0 1.7.2.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Optimization for TensorFlow versions ant\u00e9rieures \u00e0 2.12\u003c/li\u003e \u003cli\u003eDistribution Intel des outils OpenVINO versions ant\u00e9rieures \u00e0 2022.3.0\u003c/li\u003e \u003cli\u003eOutils Intel VCUST t\u00e9l\u00e9charg\u00e9s avant le 03 f\u00e9vrier 2023 sans le correctif de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003elogiciel Intel VROC versions ant\u00e9rieures \u00e0 8.0.0.4035\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation d\u0027Intel Advanced Link Analyzer Standard Edition versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation Intel ISPC software pour Windows versions ant\u00e9rieures \u00e0 1.19.0\u003c/li\u003e \u003cli\u003eLogiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Easy Streaming Wizard toutes versions [1]\u003c/li\u003e \u003cli\u003eApplication Android Intel Support versions ant\u00e9rieures \u00e0 v23.02.07\u003c/li\u003e \u003cli\u003eSuite logicielle Intel NUC Pro pour Windows versions ant\u00e9rieures \u00e0 2.0.0.9\u003c/li\u003e \u003cli\u003eLogiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions ant\u00e9rieures \u00e0 22.220 HF\u003c/li\u003e \u003cli\u003eLogiciel Intel oneMKL versions ant\u00e9rieures \u00e0 2022.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DTT versions ant\u00e9rieures \u00e0 8.7.10801.25109\u003c/li\u003e \u003cli\u003eLogiciel Intel AI Hackathon versions ant\u00e9rieures \u00e0 2.0.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DSA versions ant\u00e9rieures \u00e0 23.1.9\u003c/li\u003e \u003cli\u003eBiblioth\u00e8que Hyperscan maintenue par Intel versions ant\u00e9rieures \u00e0 5.4.1\u003c/li\u003e \u003cli\u003eOutils Intel oneAPI versions ant\u00e9rieures \u00e0 2023.1.0\u003c/li\u003e \u003cli\u003eBIOS de cartes m\u00e8res de terminaux NUC sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel Intel Manageability Commander versions ant\u00e9rieures \u00e0 2.3\u003c/li\u003e \u003cli\u003eLogiciel Intel Unison versions ant\u00e9rieures \u00e0 10.12\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Microsoft versions ant\u00e9rieures \u00e0 3.0\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Linux versions ant\u00e9rieures \u00e0 1.13.4\u003c/li\u003e \u003cli\u003eLogiciel Intel SDP Tool versions ant\u00e9rieures \u00e0 1.4 build 5\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel PSR versions ant\u00e9rieures \u00e0 1.0.0.20\u003c/li\u003e \u003cli\u003eLogiciel Intel RealSense ID pour Intel RealSense 450 FA versions ant\u00e9rieures \u00e0 0.25\u003c/li\u003e \u003cli\u003eApplication Android Intel Unite versions ant\u00e9rieures \u00e0 4.2.3504\u003c/li\u003e \u003cli\u003eLogiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]\u003c/li\u003e \u003cli\u003eLogiciel Intel ITS versions ant\u00e9rieures \u00e0 3.1\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel RealSense versions ant\u00e9rieures \u00e0 2.53.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e[1] :\u00a0L\u0027\u00e9diteur indique que le logiciel Intel Easy Streaming Wizard n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e \u003cp\u003e[2] :\u00a0L\u0027\u00e9diteur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-32617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32617"
    },
    {
      "name": "CVE-2023-27509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27509"
    },
    {
      "name": "CVE-2023-31246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31246"
    },
    {
      "name": "CVE-2023-23577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23577"
    },
    {
      "name": "CVE-2022-44611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44611"
    },
    {
      "name": "CVE-2023-28736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28736"
    },
    {
      "name": "CVE-2023-29243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29243"
    },
    {
      "name": "CVE-2023-34086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34086"
    },
    {
      "name": "CVE-2023-27392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27392"
    },
    {
      "name": "CVE-2023-24016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24016"
    },
    {
      "name": "CVE-2022-27635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27635"
    },
    {
      "name": "CVE-2023-28823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28823"
    },
    {
      "name": "CVE-2023-22356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22356"
    },
    {
      "name": "CVE-2023-27506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27506"
    },
    {
      "name": "CVE-2023-32547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32547"
    },
    {
      "name": "CVE-2022-36372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36372"
    },
    {
      "name": "CVE-2023-25773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25773"
    },
    {
      "name": "CVE-2023-28658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28658"
    },
    {
      "name": "CVE-2022-37343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37343"
    },
    {
      "name": "CVE-2022-36392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36392"
    },
    {
      "name": "CVE-2023-27515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27515"
    },
    {
      "name": "CVE-2022-38076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38076"
    },
    {
      "name": "CVE-2023-27391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27391"
    },
    {
      "name": "CVE-2022-37336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37336"
    },
    {
      "name": "CVE-2023-28385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28385"
    },
    {
      "name": "CVE-2023-25944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25944"
    },
    {
      "name": "CVE-2023-29500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29500"
    },
    {
      "name": "CVE-2023-22841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22841"
    },
    {
      "name": "CVE-2022-38102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38102"
    },
    {
      "name": "CVE-2023-22444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22444"
    },
    {
      "name": "CVE-2023-32609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32609"
    },
    {
      "name": "CVE-2023-28938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28938"
    },
    {
      "name": "CVE-2023-28711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28711"
    },
    {
      "name": "CVE-2023-28714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28714"
    },
    {
      "name": "CVE-2023-22276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22276"
    },
    {
      "name": "CVE-2023-33867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33867"
    },
    {
      "name": "CVE-2022-29871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29871"
    },
    {
      "name": "CVE-2022-40982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
    },
    {
      "name": "CVE-2022-29887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29887"
    },
    {
      "name": "CVE-2023-32656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32656"
    },
    {
      "name": "CVE-2023-22449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22449"
    },
    {
      "name": "CVE-2023-25757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25757"
    },
    {
      "name": "CVE-2023-25182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25182"
    },
    {
      "name": "CVE-2022-29470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29470"
    },
    {
      "name": "CVE-2023-29494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29494"
    },
    {
      "name": "CVE-2023-28380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28380"
    },
    {
      "name": "CVE-2022-41984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41984"
    },
    {
      "name": "CVE-2023-22840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22840"
    },
    {
      "name": "CVE-2022-40964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40964"
    },
    {
      "name": "CVE-2023-34355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34355"
    },
    {
      "name": "CVE-2022-38973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38973"
    },
    {
      "name": "CVE-2022-34657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34657"
    },
    {
      "name": "CVE-2023-29151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29151"
    },
    {
      "name": "CVE-2022-43505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43505"
    },
    {
      "name": "CVE-2022-36351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36351"
    },
    {
      "name": "CVE-2023-34438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34438"
    },
    {
      "name": "CVE-2023-28405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28405"
    },
    {
      "name": "CVE-2023-34427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34427"
    },
    {
      "name": "CVE-2023-32663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32663"
    },
    {
      "name": "CVE-2022-41804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41804"
    },
    {
      "name": "CVE-2022-45112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45112"
    },
    {
      "name": "CVE-2023-27505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27505"
    },
    {
      "name": "CVE-2023-33877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33877"
    },
    {
      "name": "CVE-2023-22330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22330"
    },
    {
      "name": "CVE-2023-27887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27887"
    },
    {
      "name": "CVE-2022-43456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43456"
    },
    {
      "name": "CVE-2023-32285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32285"
    },
    {
      "name": "CVE-2022-46329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
    },
    {
      "name": "CVE-2023-32543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32543"
    },
    {
      "name": "CVE-2023-34349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34349"
    },
    {
      "name": "CVE-2023-22338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22338"
    },
    {
      "name": "CVE-2023-26587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26587"
    },
    {
      "name": "CVE-2023-30760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30760"
    },
    {
      "name": "CVE-2022-44612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44612"
    },
    {
      "name": "CVE-2023-25775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
    },
    {
      "name": "CVE-2022-27879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27879"
    },
    {
      "name": "CVE-2022-25864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25864"
    },
    {
      "name": "CVE-2023-23908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23908"
    },
    {
      "name": "CVE-2022-38083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38083"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0640",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00846 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00846.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00844 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00844.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00897 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00893 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00899 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00899.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00828 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00813 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00912 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00859 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00859.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00932 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00932.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00812 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00892 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00934 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00934.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00795 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00938 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00938.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00826 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00862 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00862.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00818 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00836 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00840 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00873 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00873.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00742 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00742.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00794 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00766 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00879 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00905 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00905.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00837 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00783 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00830 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00830.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00842 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00842.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00877 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00877.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00848 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00829 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00917 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00946 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00946.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00800 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00800.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00890 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00850 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00849 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00849.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00868 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00868.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00878 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00878.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00907 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00907.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00690 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00875 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00875.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00872 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00872.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00835 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html"
    }
  ]
}

CERTFR-2023-AVI-0640

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Intel SSD Tools software versions antérieures à mdadm-4.2-rc2
Intel BIOS PCSD BIOS versions antérieures à 02.01.0013
Intel logiciel PROSet/Wireless WiFi versions antérieures à 22.200
Intel Converged Security Management Engine (CSME) sans les correctifs de sécurité du 08 août 2023
Intel Active Management Technology (AMT) sans les correctifs de sécurité du 08 août 2023
Intel Standard Manageability software sans les correctifs de sécurité du 08 août 2023
Pilote RDMA des Contrôleurs Ethernet Intel pour linux versions antérieures à 1.9.30
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11ème à 13ème générations) versions antérieures à 19.5.2.1049.5
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10ème et 11ème générations) versions antérieures à 18.7.6.1010.3
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8ème et 9ème générations) versions antérieures à 17.11.3.1010.2
Interface utilisateur Intel RST et pilotes versions antérieures à 16.8.5.1014.5
Suite de logiciels Intel Quartus Prime Pro pour Linux before versions antérieures à 22.4
Suite de logiciels Intel Quartus Prime Standard pour Linux versions antérieures à 22.1STD
Cartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et décembre 2022
Séries de processeurs Intel Atom, Xeon, Core de 7ème à 11ème générations, Celeron, Pentium et Core séries X sans les correctifs de sécurité du 08 août 2023
Logiciel d'exécution Intel oneVPL GPU versions antérieures à 22.6.5
Client Intel Unite pour Mac versions antérieures à 4.2.11
Ensemble de logiciels Intel Unite pour Windows versions antérieures à 4.2.34962
Séries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de sécurité du 08 août 2023
Pilotes infrarouge ITE Tech consumer pour terminaux NUC versions antérieures à 5.5.2.1
System Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.
Utilitaire de mise à jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems basé sur les jeux de puces 621A
Séries de contrôleurs Ethernet et adaptateurs E810 (Columbiaville) versions antérieures à 1.7.2.4
Logiciel Intel Optimization for TensorFlow versions antérieures à 2.12
Distribution Intel des outils OpenVINO versions antérieures à 2022.3.0
Outils Intel VCUST téléchargés avant le 03 février 2023 sans le correctif de sécurité du 08 août 2023
logiciel Intel VROC versions antérieures à 8.0.0.4035
Logiciel d'installation d'Intel Advanced Link Analyzer Standard Edition versions antérieures à 22.1.1
Logiciel d'installation Intel ISPC software pour Windows versions antérieures à 1.19.0
Logiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions antérieures à 22.4
Logiciel Intel Easy Streaming Wizard toutes versions [1]
Application Android Intel Support versions antérieures à v23.02.07
Suite logicielle Intel NUC Pro pour Windows versions antérieures à 2.0.0.9
Logiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions antérieures à 22.220 HF
Logiciel Intel oneMKL versions antérieures à 2022.0
Logiciel Intel DTT versions antérieures à 8.7.10801.25109
Logiciel Intel AI Hackathon versions antérieures à 2.0.0
Logiciel Intel DSA versions antérieures à 23.1.9
Bibliothèque Hyperscan maintenue par Intel versions antérieures à 5.4.1
Outils Intel oneAPI versions antérieures à 2023.1.0
BIOS de cartes mères de terminaux NUC sans les correctifs de sécurité du 08 août 2023
Logiciel Intel Manageability Commander versions antérieures à 2.3
Logiciel Intel Unison versions antérieures à 10.12
Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Microsoft versions antérieures à 3.0
Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Linux versions antérieures à 1.13.4
Logiciel Intel SDP Tool versions antérieures à 1.4 build 5
Outils de développement Intel PSR versions antérieures à 1.0.0.20
Logiciel Intel RealSense ID pour Intel RealSense 450 FA versions antérieures à 0.25
Application Android Intel Unite versions antérieures à 4.2.3504
Logiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]
Logiciel Intel ITS versions antérieures à 3.1
Outils de développement Intel RealSense versions antérieures à 2.53.1

[1] : L'éditeur indique que le logiciel Intel Easy Streaming Wizard n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible

[2] : L'éditeur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00846 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00844 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00897 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00893 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00899 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00828 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00813 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00912 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00859 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00932 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00812 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00892 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00934 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00795 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00938 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00826 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00862 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00818 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00836 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00840 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00873 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00742 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00794 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00766 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00879 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00905 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00837 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00783 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00830 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00842 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00877 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00848 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00829 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00917 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00946 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00800 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00890 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00850 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00849 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00868 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00878 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00907 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00690 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00875 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00872 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00835 du 08 août 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eIntel SSD Tools software versions ant\u00e9rieures \u00e0 mdadm-4.2-rc2\u003c/li\u003e \u003cli\u003eIntel BIOS PCSD BIOS versions ant\u00e9rieures \u00e0 02.01.0013\u003c/li\u003e \u003cli\u003eIntel logiciel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 22.200\u003c/li\u003e \u003cli\u003eIntel Converged Security Management Engine (CSME) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Active Management Technology (AMT) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Standard Manageability software sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilote RDMA des Contr\u00f4leurs Ethernet Intel pour linux versions ant\u00e9rieures \u00e0 1.9.30\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11\u00e8me \u00e0 13\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 19.5.2.1049.5\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10\u00e8me et 11\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 18.7.6.1010.3\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8\u00e8me et 9\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 17.11.3.1010.2\u003c/li\u003e \u003cli\u003eInterface utilisateur Intel RST et pilotes versions ant\u00e9rieures \u00e0 16.8.5.1014.5\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Pro pour Linux before versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Standard pour Linux versions ant\u00e9rieures \u00e0 22.1STD\u003c/li\u003e \u003cli\u003eCartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et d\u00e9cembre 2022\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core de 7\u00e8me \u00e0 11\u00e8me g\u00e9n\u00e9rations, Celeron, Pentium et Core s\u00e9ries X sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel d\u0027ex\u00e9cution Intel oneVPL GPU versions ant\u00e9rieures \u00e0 22.6.5\u003c/li\u003e \u003cli\u003eClient Intel Unite pour Mac versions ant\u00e9rieures \u00e0 4.2.11\u003c/li\u003e \u003cli\u003eEnsemble de logiciels Intel Unite pour Windows versions ant\u00e9rieures \u00e0 4.2.34962\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilotes infrarouge ITE Tech consumer pour terminaux NUC versions ant\u00e9rieures \u00e0 5.5.2.1\u003c/li\u003e \u003cli\u003eSystem Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.\u003c/li\u003e \u003cli\u003eUtilitaire de mise \u00e0 jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems bas\u00e9 sur les jeux de puces 621A\u003c/li\u003e \u003cli\u003eS\u00e9ries de contr\u00f4leurs Ethernet et adaptateurs E810 (Columbiaville) versions ant\u00e9rieures \u00e0 1.7.2.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Optimization for TensorFlow versions ant\u00e9rieures \u00e0 2.12\u003c/li\u003e \u003cli\u003eDistribution Intel des outils OpenVINO versions ant\u00e9rieures \u00e0 2022.3.0\u003c/li\u003e \u003cli\u003eOutils Intel VCUST t\u00e9l\u00e9charg\u00e9s avant le 03 f\u00e9vrier 2023 sans le correctif de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003elogiciel Intel VROC versions ant\u00e9rieures \u00e0 8.0.0.4035\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation d\u0027Intel Advanced Link Analyzer Standard Edition versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation Intel ISPC software pour Windows versions ant\u00e9rieures \u00e0 1.19.0\u003c/li\u003e \u003cli\u003eLogiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Easy Streaming Wizard toutes versions [1]\u003c/li\u003e \u003cli\u003eApplication Android Intel Support versions ant\u00e9rieures \u00e0 v23.02.07\u003c/li\u003e \u003cli\u003eSuite logicielle Intel NUC Pro pour Windows versions ant\u00e9rieures \u00e0 2.0.0.9\u003c/li\u003e \u003cli\u003eLogiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions ant\u00e9rieures \u00e0 22.220 HF\u003c/li\u003e \u003cli\u003eLogiciel Intel oneMKL versions ant\u00e9rieures \u00e0 2022.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DTT versions ant\u00e9rieures \u00e0 8.7.10801.25109\u003c/li\u003e \u003cli\u003eLogiciel Intel AI Hackathon versions ant\u00e9rieures \u00e0 2.0.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DSA versions ant\u00e9rieures \u00e0 23.1.9\u003c/li\u003e \u003cli\u003eBiblioth\u00e8que Hyperscan maintenue par Intel versions ant\u00e9rieures \u00e0 5.4.1\u003c/li\u003e \u003cli\u003eOutils Intel oneAPI versions ant\u00e9rieures \u00e0 2023.1.0\u003c/li\u003e \u003cli\u003eBIOS de cartes m\u00e8res de terminaux NUC sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel Intel Manageability Commander versions ant\u00e9rieures \u00e0 2.3\u003c/li\u003e \u003cli\u003eLogiciel Intel Unison versions ant\u00e9rieures \u00e0 10.12\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Microsoft versions ant\u00e9rieures \u00e0 3.0\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Linux versions ant\u00e9rieures \u00e0 1.13.4\u003c/li\u003e \u003cli\u003eLogiciel Intel SDP Tool versions ant\u00e9rieures \u00e0 1.4 build 5\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel PSR versions ant\u00e9rieures \u00e0 1.0.0.20\u003c/li\u003e \u003cli\u003eLogiciel Intel RealSense ID pour Intel RealSense 450 FA versions ant\u00e9rieures \u00e0 0.25\u003c/li\u003e \u003cli\u003eApplication Android Intel Unite versions ant\u00e9rieures \u00e0 4.2.3504\u003c/li\u003e \u003cli\u003eLogiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]\u003c/li\u003e \u003cli\u003eLogiciel Intel ITS versions ant\u00e9rieures \u00e0 3.1\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel RealSense versions ant\u00e9rieures \u00e0 2.53.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e[1] :\u00a0L\u0027\u00e9diteur indique que le logiciel Intel Easy Streaming Wizard n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e \u003cp\u003e[2] :\u00a0L\u0027\u00e9diteur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-32617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32617"
    },
    {
      "name": "CVE-2023-27509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27509"
    },
    {
      "name": "CVE-2023-31246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31246"
    },
    {
      "name": "CVE-2023-23577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23577"
    },
    {
      "name": "CVE-2022-44611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44611"
    },
    {
      "name": "CVE-2023-28736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28736"
    },
    {
      "name": "CVE-2023-29243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29243"
    },
    {
      "name": "CVE-2023-34086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34086"
    },
    {
      "name": "CVE-2023-27392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27392"
    },
    {
      "name": "CVE-2023-24016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24016"
    },
    {
      "name": "CVE-2022-27635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27635"
    },
    {
      "name": "CVE-2023-28823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28823"
    },
    {
      "name": "CVE-2023-22356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22356"
    },
    {
      "name": "CVE-2023-27506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27506"
    },
    {
      "name": "CVE-2023-32547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32547"
    },
    {
      "name": "CVE-2022-36372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36372"
    },
    {
      "name": "CVE-2023-25773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25773"
    },
    {
      "name": "CVE-2023-28658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28658"
    },
    {
      "name": "CVE-2022-37343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37343"
    },
    {
      "name": "CVE-2022-36392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36392"
    },
    {
      "name": "CVE-2023-27515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27515"
    },
    {
      "name": "CVE-2022-38076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38076"
    },
    {
      "name": "CVE-2023-27391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27391"
    },
    {
      "name": "CVE-2022-37336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37336"
    },
    {
      "name": "CVE-2023-28385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28385"
    },
    {
      "name": "CVE-2023-25944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25944"
    },
    {
      "name": "CVE-2023-29500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29500"
    },
    {
      "name": "CVE-2023-22841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22841"
    },
    {
      "name": "CVE-2022-38102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38102"
    },
    {
      "name": "CVE-2023-22444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22444"
    },
    {
      "name": "CVE-2023-32609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32609"
    },
    {
      "name": "CVE-2023-28938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28938"
    },
    {
      "name": "CVE-2023-28711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28711"
    },
    {
      "name": "CVE-2023-28714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28714"
    },
    {
      "name": "CVE-2023-22276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22276"
    },
    {
      "name": "CVE-2023-33867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33867"
    },
    {
      "name": "CVE-2022-29871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29871"
    },
    {
      "name": "CVE-2022-40982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
    },
    {
      "name": "CVE-2022-29887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29887"
    },
    {
      "name": "CVE-2023-32656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32656"
    },
    {
      "name": "CVE-2023-22449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22449"
    },
    {
      "name": "CVE-2023-25757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25757"
    },
    {
      "name": "CVE-2023-25182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25182"
    },
    {
      "name": "CVE-2022-29470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29470"
    },
    {
      "name": "CVE-2023-29494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29494"
    },
    {
      "name": "CVE-2023-28380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28380"
    },
    {
      "name": "CVE-2022-41984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41984"
    },
    {
      "name": "CVE-2023-22840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22840"
    },
    {
      "name": "CVE-2022-40964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40964"
    },
    {
      "name": "CVE-2023-34355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34355"
    },
    {
      "name": "CVE-2022-38973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38973"
    },
    {
      "name": "CVE-2022-34657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34657"
    },
    {
      "name": "CVE-2023-29151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29151"
    },
    {
      "name": "CVE-2022-43505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43505"
    },
    {
      "name": "CVE-2022-36351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36351"
    },
    {
      "name": "CVE-2023-34438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34438"
    },
    {
      "name": "CVE-2023-28405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28405"
    },
    {
      "name": "CVE-2023-34427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34427"
    },
    {
      "name": "CVE-2023-32663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32663"
    },
    {
      "name": "CVE-2022-41804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41804"
    },
    {
      "name": "CVE-2022-45112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45112"
    },
    {
      "name": "CVE-2023-27505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27505"
    },
    {
      "name": "CVE-2023-33877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33877"
    },
    {
      "name": "CVE-2023-22330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22330"
    },
    {
      "name": "CVE-2023-27887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27887"
    },
    {
      "name": "CVE-2022-43456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43456"
    },
    {
      "name": "CVE-2023-32285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32285"
    },
    {
      "name": "CVE-2022-46329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
    },
    {
      "name": "CVE-2023-32543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32543"
    },
    {
      "name": "CVE-2023-34349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34349"
    },
    {
      "name": "CVE-2023-22338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22338"
    },
    {
      "name": "CVE-2023-26587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26587"
    },
    {
      "name": "CVE-2023-30760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30760"
    },
    {
      "name": "CVE-2022-44612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44612"
    },
    {
      "name": "CVE-2023-25775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
    },
    {
      "name": "CVE-2022-27879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27879"
    },
    {
      "name": "CVE-2022-25864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25864"
    },
    {
      "name": "CVE-2023-23908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23908"
    },
    {
      "name": "CVE-2022-38083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38083"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0640",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00846 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00846.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00844 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00844.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00897 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00893 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00899 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00899.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00828 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00813 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00912 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00859 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00859.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00932 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00932.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00812 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00892 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00934 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00934.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00795 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00938 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00938.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00826 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00862 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00862.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00818 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00836 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00840 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00873 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00873.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00742 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00742.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00794 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00766 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00879 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00905 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00905.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00837 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00783 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00830 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00830.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00842 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00842.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00877 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00877.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00848 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00829 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00917 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00946 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00946.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00800 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00800.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00890 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00850 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00849 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00849.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00868 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00868.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00878 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00878.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00907 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00907.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00690 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00875 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00875.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00872 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00872.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00835 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html"
    }
  ]
}

FKIE_CVE-2023-29500

Vulnerability from fkie_nvd - Published: 2023-08-11 03:15 - Updated: 2024-11-21 07:57

Severity ?

5.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.

References

	URL	Tags
	secure@intel.com	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html	Vendor Advisory

Impacted products

Vendor	Product	Version
intel	nuc_11_performance_kit_nuc11pahi70z_firmware	-
intel	nuc_11_performance_kit_nuc11pahi70z	-
intel	nuc_11_performance_kit_nuc11pahi50z_firmware	-
intel	nuc_11_performance_kit_nuc11pahi50z	-
intel	nuc_11_performance_kit_nuc11pahi30z_firmware	-
intel	nuc_11_performance_kit_nuc11pahi30z	-
intel	nuc_11_performance_kit_nuc11pahi3_firmware	-
intel	nuc_11_performance_kit_nuc11pahi3	-
intel	nuc_11_performance_kit_nuc11pahi5_firmware	-
intel	nuc_11_performance_kit_nuc11pahi5	-
intel	nuc_11_performance_kit_nuc11pahi7_firmware	-
intel	nuc_11_performance_kit_nuc11pahi7	-
intel	nuc_11_performance_kit_nuc11paki3_firmware	-
intel	nuc_11_performance_kit_nuc11paki3	-
intel	nuc_11_performance_kit_nuc11paki5_firmware	-
intel	nuc_11_performance_kit_nuc11paki5	-
intel	nuc_11_performance_kit_nuc11paki7_firmware	-
intel	nuc_11_performance_kit_nuc11paki7	-
intel	nuc_11_performance_mini_pc_nuc11paqi50wa_firmware	-
intel	nuc_11_performance_mini_pc_nuc11paqi50wa	-
intel	nuc_11_performance_mini_pc_nuc11paqi70qa_firmware	-
intel	nuc_11_performance_mini_pc_nuc11paqi70qa	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi70z_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AE540D-F5E3-49CD-B4DE-A430488F7B2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi70z:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F1BB2C-00A9-44DE-ADE2-C910E12AC664",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi50z_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "505B638A-F333-470E-B810-33FC3F4F40AE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi50z:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "45F55CB5-5E7C-460F-8B49-F2BA47102884",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi30z_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8604BD6-E589-4917-A572-56208C42A082",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi30z:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8756CBA9-24C8-49E0-8622-95E25DAB64AA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DDB0B56-E7F9-4C36-B010-865F1A8363F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53358E28-1529-478C-A1DC-39F05250C749",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi5_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "649AEF04-A296-48B6-9B97-2566039808A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "625FA81A-2E10-4910-8310-27C9577AB8D5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi7_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A8EAEB-EBDA-41F9-94AC-EA2F3B6DFD93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15EA0B24-5433-4188-82A4-3019247C3AE4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11paki3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED113CB5-0FB5-4C6D-A515-C23EBB406987",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11paki3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20B7156E-602E-4335-A0B2-A1E679194E54",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11paki5_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "764465AB-C78E-4AE0-B4C1-2D9DB51DD692",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11paki5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "46277E03-FB58-4FDB-834D-50E46D634800",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11paki7_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BAE0B70-2541-4EF2-8A9E-8E46B1D917AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11paki7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "044D872A-7C4D-45C8-9B81-B40D1B05A5A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_performance_mini_pc_nuc11paqi50wa_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD5CE18A-073A-4B39-AD43-56657EBDD9C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_performance_mini_pc_nuc11paqi50wa:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71878455-5816-4C4E-9595-B44DCFAAB80C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:nuc_11_performance_mini_pc_nuc11paqi70qa_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FC4813F-A447-4558-96E1-0641036F3D4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:nuc_11_performance_mini_pc_nuc11paqi70qa:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B23996D-1C22-42DF-8752-E5490D34AD64",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access."
    }
  ],
  "id": "CVE-2023-29500",
  "lastModified": "2024-11-21T07:57:10.947",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 4.0,
        "source": "secure@intel.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-11T03:15:31.163",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "secure@intel.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-HGP5-455W-HX99

Vulnerability from github – Published: 2023-08-11 03:30 – Updated: 2024-04-04 06:51

Details

Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-29500"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-11T03:15:31Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.",
  "id": "GHSA-hgp5-455w-hx99",
  "modified": "2024-04-04T06:51:22Z",
  "published": "2023-08-11T03:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29500"
    },
    {
      "type": "WEB",
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2023-2012

Vulnerability from csaf_certbund - Published: 2023-08-08 22:00 - Updated: 2024-06-26 22:00

Summary

Intel Firmware: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die Firmware ist eine in die Geräte fest eingebettete Software, die dort grundlegende Funktionen leistet.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Intel Firmware ausnutzen, um seine Privilegien zu erhöhen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die Firmware ist eine in die Ger\u00e4te fest eingebettete Software, die dort grundlegende Funktionen leistet.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Intel Firmware ausnutzen, um seine Privilegien zu erh\u00f6hen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2012 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2012.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2012 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2012"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-00829 vom 2023-08-08",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-00868 vom 2023-08-08",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00868.html"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-00892 vom 2023-08-08",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
      },
      {
        "category": "external",
        "summary": "Intel Security Advisory INTEL-SA-00917 vom 2023-08-08",
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-250 vom 2024-06-27",
        "url": "https://www.dell.com/support/kbdoc/de-de/000226426/dsa-2024-250-security-update-for-dell-avamar-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Intel Firmware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-06-26T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:56:49.416+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2012",
      "initial_release_date": "2023-08-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-06-26T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cNUC 5.5.2.1",
                "product": {
                  "name": "Intel Firmware \u003cNUC 5.5.2.1",
                  "product_id": "T029212"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cNUC Pro Software Suite 2.0.0.9",
                "product": {
                  "name": "Intel Firmware \u003cNUC Pro Software Suite 2.0.0.9",
                  "product_id": "T029213"
                }
              },
              {
                "category": "product_version",
                "name": "NUC BIOS",
                "product": {
                  "name": "Intel Firmware NUC BIOS",
                  "product_id": "T029214",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:intel:firmware:nuc_bios"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Intel"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-36372",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2022-36372"
    },
    {
      "cve": "CVE-2022-37336",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2022-37336"
    },
    {
      "cve": "CVE-2023-22330",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-22330"
    },
    {
      "cve": "CVE-2023-22356",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-22356"
    },
    {
      "cve": "CVE-2023-22444",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-22444"
    },
    {
      "cve": "CVE-2023-22449",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-22449"
    },
    {
      "cve": "CVE-2023-23577",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-23577"
    },
    {
      "cve": "CVE-2023-27887",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-27887"
    },
    {
      "cve": "CVE-2023-28385",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-28385"
    },
    {
      "cve": "CVE-2023-29494",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-29494"
    },
    {
      "cve": "CVE-2023-29500",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-29500"
    },
    {
      "cve": "CVE-2023-32285",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-32285"
    },
    {
      "cve": "CVE-2023-32617",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-32617"
    },
    {
      "cve": "CVE-2023-34086",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-34086"
    },
    {
      "cve": "CVE-2023-34349",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-34349"
    },
    {
      "cve": "CVE-2023-34438",
      "notes": [
        {
          "category": "description",
          "text": "In Intel Firmware f\u00fcr NUC existieren mehrere Schwachstellen. Diese sind auf Fehler bei Speichergrenzen, Fehler in der Validierung von Eingaben, eine Path-Traversal-Anf\u00e4lligkeit, einem Fehler in der Autorisierung sowie einer Race-Condition zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T029214"
        ]
      },
      "release_date": "2023-08-08T22:00:00.000+00:00",
      "title": "CVE-2023-34438"
    }
  ]
}

GSD-2023-29500

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.

Aliases

CVE-2023-29500

Aliases

CVE-2023-29500

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-29500",
    "id": "GSD-2023-29500"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-29500"
      ],
      "details": "Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.",
      "id": "GSD-2023-29500",
      "modified": "2023-12-13T01:20:56.977386Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2023-29500",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel(R) NUCs",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "See references"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "information disclosure"
              },
              {
                "cweId": "CWE-200",
                "lang": "eng",
                "value": "Exposure of sensitive information to an unauthorized actor"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html",
            "refsource": "MISC",
            "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi70z_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi70z:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi50z_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi50z:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi30z_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi30z:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi3_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi5_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11pahi7_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11pahi7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11paki3_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11paki3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11paki5_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11paki5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_performance_kit_nuc11paki7_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_performance_kit_nuc11paki7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_performance_mini_pc_nuc11paqi50wa_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_performance_mini_pc_nuc11paqi50wa:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:intel:nuc_11_performance_mini_pc_nuc11paqi70qa_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:intel:nuc_11_performance_mini_pc_nuc11paqi70qa:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2023-29500"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-08-18T14:33Z",
      "publishedDate": "2023-08-11T03:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-29500 (GCVE-0-2023-29500)

CERTFR-2023-AVI-0640

Solution

CERTFR-2023-AVI-0640

Solution

FKIE_CVE-2023-29500

GHSA-HGP5-455W-HX99

WID-SEC-W-2023-2012

GSD-2023-29500

Tags

Sightings

Nomenclature