Risk | Low |
Patch available | YES |
Number of vulnerabilities | 10 |
CVE-ID | CVE-2023-22661 CVE-2023-22297 CVE-2023-25545 CVE-2023-22442 CVE-2023-22379 CVE-2023-25776 CVE-2023-28411 CVE-2023-25175 CVE-2023-24475 CVE-2023-22443 |
CWE-ID | CWE-119 CWE-788 CWE-787 CWE-20 CWE-415 CWE-125 CWE-190 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Intel Server Board Baseboard Management Controller (BMC) Hardware solutions / Firmware |
Vendor | Intel |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
EUVDB-ID: #VU76710
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22661
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A local administrator can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Server Board Baseboard Management Controller (BMC): before 2.90
CPE2.3 External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76711
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22297
CWE-ID:
CWE-788 - Access of Memory Location After End of Buffer
Exploit availability: No
DescriptionThe vulnerability allows a local administrator to escalate privileges on the system.
The vulnerability exists due to access of memory location after end of buffer, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Server Board Baseboard Management Controller (BMC): before 2.90
CPE2.3 External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76712
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25545
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary. A local administrator can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsIntel Server Board Baseboard Management Controller (BMC): before 2.90
CPE2.3 External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76714
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22442
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local administrator can trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Server Board Baseboard Management Controller (BMC): before 2.90
CPE2.3 External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76715
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22379
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper input validation. A local administrator can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Server Board Baseboard Management Controller (BMC): before 2.90
CPE2.3 External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76716
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25776
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper input validation. A local administrator can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Server Board Baseboard Management Controller (BMC): before 2.90
CPE2.3 External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76717
Risk: Low
CVSSv3.1: 2.5 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28411
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary error. A local administrator can pass specially crafted data to the application, trigger double free error and gain access to sensitive information on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Server Board Baseboard Management Controller (BMC): before 2.90
CPE2.3 External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76718
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25175
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper input validation. A local administrator can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Server Board Baseboard Management Controller (BMC): before 2.90
CPE2.3 External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76719
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24475
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local administrator can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Server Board Baseboard Management Controller (BMC): before 2.90
CPE2.3 External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76720
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22443
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A local administrator can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Server Board Baseboard Management Controller (BMC): before 2.90
CPE2.3 External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.