CVE-2022-29494

EPSS 0.12%
Published 16.02.2023 21:15:11
Last modified 21.11.2024 06:59:11
Source secure@intel.com
Teams watchlist Login
Open Login

Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Intel ≫ Openbmc Version < wht-1.01-61_0.72

   Intel ≫ C621a Version-
   Intel ≫ C627a Version-
   Intel ≫ C629a Version-
   Intel ≫ Xeon Gold 5315y Version-
   Intel ≫ Xeon Gold 5317 Version-
   Intel ≫ Xeon Gold 5318h Version-
   Intel ≫ Xeon Gold 5318n Version-
   Intel ≫ Xeon Gold 5318s Version-
   Intel ≫ Xeon Gold 5318y Version-
   Intel ≫ Xeon Gold 5320 Version-
   Intel ≫ Xeon Gold 5320h Version-
   Intel ≫ Xeon Gold 5320t Version-
   Intel ≫ Xeon Gold 6312u Version-
   Intel ≫ Xeon Gold 6314u Version-
   Intel ≫ Xeon Gold 6326 Version-
   Intel ≫ Xeon Gold 6328h Version-
   Intel ≫ Xeon Gold 6328hl Version-
   Intel ≫ Xeon Gold 6330 Version-
   Intel ≫ Xeon Gold 6330h Version-
   Intel ≫ Xeon Gold 6330n Version-
   Intel ≫ Xeon Gold 6334 Version-
   Intel ≫ Xeon Gold 6336y Version-
   Intel ≫ Xeon Gold 6338 Version-
   Intel ≫ Xeon Gold 6338n Version-
   Intel ≫ Xeon Gold 6338t Version-
   Intel ≫ Xeon Gold 6342 Version-
   Intel ≫ Xeon Gold 6346 Version-
   Intel ≫ Xeon Gold 6348 Version-
   Intel ≫ Xeon Gold 6348h Version-
   Intel ≫ Xeon Gold 6354 Version-
   Intel ≫ Xeon Platinum 8351n Version-
   Intel ≫ Xeon Platinum 8352m Version-
   Intel ≫ Xeon Platinum 8352s Version-
   Intel ≫ Xeon Platinum 8352v Version-
   Intel ≫ Xeon Platinum 8352y Version-
   Intel ≫ Xeon Platinum 8353h Version-
   Intel ≫ Xeon Platinum 8354h Version-
   Intel ≫ Xeon Platinum 8356h Version-
   Intel ≫ Xeon Platinum 8358 Version-
   Intel ≫ Xeon Platinum 8358p Version-
   Intel ≫ Xeon Platinum 8360h Version-
   Intel ≫ Xeon Platinum 8360hl Version-
   Intel ≫ Xeon Platinum 8360y Version-
   Intel ≫ Xeon Platinum 8362 Version-
   Intel ≫ Xeon Platinum 8368 Version-
   Intel ≫ Xeon Platinum 8368q Version-
   Intel ≫ Xeon Platinum 8376h Version-
   Intel ≫ Xeon Platinum 8376hl Version-
   Intel ≫ Xeon Platinum 8380 Version-
   Intel ≫ Xeon Platinum 8380h Version-
   Intel ≫ Xeon Platinum 8380hl Version-
   Intel ≫ Xeon Silver 4309y Version-
   Intel ≫ Xeon Silver 4310 Version-
   Intel ≫ Xeon Silver 4310t Version-
   Intel ≫ Xeon Silver 4314 Version-
   Intel ≫ Xeon Silver 4316 Version-

Intel ≫ Openbmc Version < egs-0.91-179

Intel ≫ C741 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.279

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
secure@intel.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-29494

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-29494

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-29494

EUVD