CVE-2023-25545

Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html	Patch Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_d50tnp1mhcrlc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_d50tnp1mhcpac:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_d50tnp2mhsvac:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_d50tnp2mhstac:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_d50tnp1mhcrac:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_d50tnp2mfalac:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:intel:server_system_m50cyp1ur204_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_m50cyp1ur204:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:intel:server_system_m50cyp1ur212_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_m50cyp1ur212:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:intel:server_system_m50cyp2ur312_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_m50cyp2ur312:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:intel:server_system_m50cyp2ur208_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_m50cyp2ur208:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:49

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.7~~	v2 : unknown v3 : 8.2
References	~~() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html - Patch, Vendor Advisory~~	() https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html - Patch, Vendor Advisory

18 May 2023, 22:56

Type	Values Removed	Values Added
First Time		Intel server System D50tnp1mhcpac Intel server System D50tnp2mhsvac Intel server System D50tnp1mhcrac Intel server System M50cyp1ur204 Intel server System D50tnp1mhcrlc Firmware Intel server System D50tnp1mhcpac Firmware Intel server System M50cyp2ur208 Firmware Intel server System D50tnp2mfalac Intel server System D50tnp2mhstac Firmware Intel server System M50cyp2ur312 Firmware Intel Intel server System M50cyp2ur312 Intel server System M50cyp2ur208 Intel server System M50cyp1ur212 Intel server System D50tnp1mhcrlc Intel server System M50cyp1ur204 Firmware Intel server System D50tnp2mhstac Intel server System M50cyp1ur212 Firmware Intel server System D50tnp1mhcrac Firmware Intel server System D50tnp2mhsvac Firmware Intel server System D50tnp2mfalac Firmware
CPE		cpe:2.3:h:intel:server_system_m50cyp1ur212:-:::::::* cpe:2.3:h:intel:server_system_m50cyp2ur312:-:::::::* cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:::::::: cpe:2.3:o:intel:server_system_m50cyp1ur212_firmware:::::::: cpe:2.3:o:intel:server_system_m50cyp1ur204_firmware:::::::: cpe:2.3:h:intel:server_system_d50tnp2mfalac:-:::::::* cpe:2.3:h:intel:server_system_d50tnp2mhsvac:-:::::::* cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:::::::: cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:::::::: cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:::::::: cpe:2.3:h:intel:server_system_d50tnp1mhcpac:-:::::::* cpe:2.3:h:intel:server_system_m50cyp1ur204:-:::::::* cpe:2.3:o:intel:server_system_m50cyp2ur312_firmware:::::::: cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:::::::: cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:::::::: cpe:2.3:h:intel:server_system_d50tnp1mhcrac:-:::::::* cpe:2.3:h:intel:server_system_d50tnp1mhcrlc:-:::::::* cpe:2.3:h:intel:server_system_m50cyp2ur208:-:::::::* cpe:2.3:o:intel:server_system_m50cyp2ur208_firmware:::::::: cpe:2.3:h:intel:server_system_d50tnp2mhstac:-:::::::*
References	~~(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html -~~	(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html - Patch, Vendor Advisory
CWE		CWE-119
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.7

10 May 2023, 14:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-10 14:15

Updated : 2024-11-21 07:49

NVD link : CVE-2023-25545

Mitre link : CVE-2023-25545

CVE.ORG link : CVE-2023-25545

JSON object : View

Products Affected

intel

server_system_d50tnp1mhcrlc_firmware
server_system_m50cyp2ur208_firmware
server_system_d50tnp1mhcpac
server_system_d50tnp2mfalac
server_system_d50tnp1mhcrac_firmware
server_system_m50cyp1ur212_firmware
server_system_m50cyp2ur312
server_system_d50tnp2mhstac
server_system_d50tnp1mhcrac
server_system_m50cyp1ur204_firmware
server_system_d50tnp1mhcrlc
server_system_d50tnp2mfalac_firmware
server_system_d50tnp2mhstac_firmware
server_system_d50tnp1mhcpac_firmware
server_system_d50tnp2mhsvac
server_system_m50cyp2ur208
server_system_m50cyp1ur212
server_system_m50cyp2ur312_firmware
server_system_d50tnp2mhsvac_firmware
server_system_m50cyp1ur204

CWE

CWE-92

DEPRECATED: Improper Sanitization of Custom Special Characters

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

8.2 /10