CVE-2023-28411

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-28411
Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.1 / Impact : 4.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html Patch Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_d50tnp1mhcrlc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_d50tnp1mhcpac:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_d50tnp2mhsvac:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_d50tnp2mhstac:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_d50tnp1mhcrac:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_d50tnp2mfalac:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:intel:server_system_m50cyp1ur204_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_m50cyp1ur204:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:intel:server_system_m50cyp1ur212_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_m50cyp1ur212:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:intel:server_system_m50cyp2ur312_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_m50cyp2ur312:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:intel:server_system_m50cyp2ur208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_m50cyp2ur208:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.5 		v2 : unknown
v3 : 6.3
References () https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html - Patch, Vendor Advisory () https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html - Patch, Vendor Advisory

18 May 2023, 22:55

Type Values Removed Values Added
References (MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html - (MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-415
First Time Intel server System D50tnp1mhcpac
Intel server System D50tnp2mhsvac
Intel server System D50tnp1mhcrac
Intel server System M50cyp1ur204
Intel server System D50tnp1mhcrlc Firmware
Intel server System D50tnp1mhcpac Firmware
Intel server System M50cyp2ur208 Firmware
Intel server System D50tnp2mfalac
Intel server System D50tnp2mhstac Firmware
Intel server System M50cyp2ur312 Firmware
Intel
Intel server System M50cyp2ur312
Intel server System M50cyp2ur208
Intel server System M50cyp1ur212
Intel server System D50tnp1mhcrlc
Intel server System M50cyp1ur204 Firmware
Intel server System D50tnp2mhstac
Intel server System M50cyp1ur212 Firmware
Intel server System D50tnp1mhcrac Firmware
Intel server System D50tnp2mhsvac Firmware
Intel server System D50tnp2mfalac Firmware
CPE cpe:2.3:h:intel:server_system_m50cyp1ur212:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_m50cyp2ur312:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:intel:server_system_m50cyp1ur212_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:intel:server_system_m50cyp1ur204_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_d50tnp2mfalac:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_d50tnp2mhsvac:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_d50tnp1mhcpac:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_m50cyp1ur204:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:server_system_m50cyp2ur312_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_d50tnp1mhcrac:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_d50tnp1mhcrlc:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_m50cyp2ur208:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:server_system_m50cyp2ur208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_system_d50tnp2mhstac:-:*:*:*:*:*:*:*

10 May 2023, 14:38

Type Values Removed Values Added
New CVE
Information

Published : 2023-05-10 14:15

Updated : 2024-11-21 07:55

NVD link : CVE-2023-28411

Mitre link : CVE-2023-28411

CVE.ORG link : CVE-2023-28411

JSON object : View

Products Affected

intel

  • server_system_d50tnp1mhcrlc_firmware
  • server_system_m50cyp2ur208_firmware
  • server_system_d50tnp1mhcpac
  • server_system_d50tnp2mfalac
  • server_system_d50tnp1mhcrac_firmware
  • server_system_m50cyp1ur212_firmware
  • server_system_m50cyp2ur312
  • server_system_d50tnp2mhstac
  • server_system_d50tnp1mhcrac
  • server_system_m50cyp1ur204_firmware
  • server_system_d50tnp1mhcrlc
  • server_system_d50tnp2mfalac_firmware
  • server_system_d50tnp2mhstac_firmware
  • server_system_d50tnp1mhcpac_firmware
  • server_system_d50tnp2mhsvac
  • server_system_m50cyp2ur208
  • server_system_m50cyp1ur212
  • server_system_m50cyp2ur312_firmware
  • server_system_d50tnp2mhsvac_firmware
  • server_system_m50cyp1ur204
CWE
CWE-415

Double Free