8.2
CVE-2023-22297
- EPSS 0.08%
- Veröffentlicht 10.05.2023 14:15:26
- Zuletzt bearbeitet 21.11.2024 07:44:28
- Quelle secure@intel.com
- Teams Watchlist Login
- Unerledigt Login
Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Intel ≫ Server System D50tnp1mhcrlc Firmware Version < 2.90
Intel ≫ Server System D50tnp1mhcpac Firmware Version < 2.90
Intel ≫ Server System D50tnp2mhsvac Firmware Version < 2.90
Intel ≫ Server System D50tnp2mhstac Firmware Version < 2.90
Intel ≫ Server System D50tnp1mhcrac Firmware Version < 2.90
Intel ≫ Server System D50tnp2mfalac Firmware Version < 2.90
Intel ≫ Server System M50cyp1ur204 Firmware Version < 2.90
Intel ≫ Server System M50cyp1ur212 Firmware Version < 2.90
Intel ≫ Server System M50cyp2ur312 Firmware Version < 2.90
Intel ≫ Server System M50cyp2ur208 Firmware Version < 2.90
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.203 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| secure@intel.com | 8.2 | 1.5 | 6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-788 Access of Memory Location After End of Buffer
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.