CVE-2023-22442

Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.

CVSS v3 7.9 HIGH

7.9^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html	Patch Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_d50tnp1mhcrlc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_d50tnp1mhcpac:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_d50tnp2mhsvac:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_d50tnp2mhstac:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_d50tnp1mhcrac:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_d50tnp2mfalac:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:intel:server_system_m50cyp1ur204_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_m50cyp1ur204:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:intel:server_system_m50cyp1ur212_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_m50cyp1ur212:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:intel:server_system_m50cyp2ur312_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_m50cyp2ur312:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:intel:server_system_m50cyp2ur208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_m50cyp2ur208:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:44

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 7.9
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html - Patch, Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html - Patch, Vendor Advisory

18 May 2023, 19:06

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.1
CPE		cpe:2.3:h:intel:server_system_m50cyp1ur212:-:::::::* cpe:2.3:h:intel:server_system_m50cyp2ur312:-:::::::* cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:::::::: cpe:2.3:o:intel:server_system_m50cyp1ur212_firmware:::::::: cpe:2.3:o:intel:server_system_m50cyp1ur204_firmware:::::::: cpe:2.3:h:intel:server_system_d50tnp2mfalac:-:::::::* cpe:2.3:h:intel:server_system_d50tnp2mhsvac:-:::::::* cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:::::::: cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:::::::: cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:::::::: cpe:2.3:h:intel:server_system_d50tnp1mhcpac:-:::::::* cpe:2.3:h:intel:server_system_m50cyp1ur204:-:::::::* cpe:2.3:o:intel:server_system_m50cyp2ur312_firmware:::::::: cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:::::::: cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:::::::: cpe:2.3:h:intel:server_system_d50tnp1mhcrac:-:::::::* cpe:2.3:h:intel:server_system_d50tnp1mhcrlc:-:::::::* cpe:2.3:h:intel:server_system_m50cyp2ur208:-:::::::* cpe:2.3:o:intel:server_system_m50cyp2ur208_firmware:::::::: cpe:2.3:h:intel:server_system_d50tnp2mhstac:-:::::::*
CWE		CWE-787
First Time		Intel server System D50tnp1mhcpac Intel server System D50tnp2mhsvac Intel server System D50tnp1mhcrac Intel server System M50cyp1ur204 Intel server System D50tnp1mhcrlc Firmware Intel server System D50tnp1mhcpac Firmware Intel server System M50cyp2ur208 Firmware Intel server System D50tnp2mfalac Intel server System D50tnp2mhstac Firmware Intel server System M50cyp2ur312 Firmware Intel Intel server System M50cyp2ur312 Intel server System M50cyp2ur208 Intel server System M50cyp1ur212 Intel server System D50tnp1mhcrlc Intel server System M50cyp1ur204 Firmware Intel server System D50tnp2mhstac Intel server System M50cyp1ur212 Firmware Intel server System D50tnp1mhcrac Firmware Intel server System D50tnp2mhsvac Firmware Intel server System D50tnp2mfalac Firmware
References	~~(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html -~~	(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html - Patch, Vendor Advisory

10 May 2023, 14:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-10 14:15

Updated : 2024-11-21 07:44

NVD link : CVE-2023-22442

Mitre link : CVE-2023-22442

CVE.ORG link : CVE-2023-22442

JSON object : View

Products Affected

intel

server_system_d50tnp1mhcrlc_firmware
server_system_m50cyp2ur208_firmware
server_system_d50tnp1mhcpac
server_system_d50tnp2mfalac
server_system_d50tnp1mhcrac_firmware
server_system_m50cyp1ur212_firmware
server_system_m50cyp2ur312
server_system_d50tnp2mhstac
server_system_d50tnp1mhcrac
server_system_m50cyp1ur204_firmware
server_system_d50tnp1mhcrlc
server_system_d50tnp2mfalac_firmware
server_system_d50tnp2mhstac_firmware
server_system_d50tnp1mhcpac_firmware
server_system_d50tnp2mhsvac
server_system_m50cyp2ur208
server_system_m50cyp1ur212
server_system_m50cyp2ur312_firmware
server_system_d50tnp2mhsvac_firmware
server_system_m50cyp1ur204

CWE

CWE-787

Out-of-bounds Write

7.9 /10