6.5
CVE-2023-22276
- EPSS 0.03%
- Published 11.08.2023 03:15:16
- Last modified 21.11.2024 07:44:26
- Source secure@intel.com
- Teams watchlist Login
- Open Login
Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before version 1.7.2.4 may allow an authenticated user to potentially enable denial of service via local access.
Data is provided by the National Vulnerability Database (NVD)
Intel ≫ Ethernet Network Controller E810-xxvam2 Firmware Version < 1.7.2.4
Intel ≫ Ethernet Network Controller E810-cam1 Firmware Version < 1.7.2.4
Intel ≫ Ethernet Network Controller E810-cam2 Firmware Version < 1.7.2.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.051 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| secure@intel.com | 6.5 | 2 | 4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
CWE-421 Race Condition During Access to Alternate Channel
The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.