#VU96076 Input validation error in Intel products - CVE-2023-34424
Published: August 16, 2024
Vulnerability identifier: #VU96076
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-34424
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Converged Security and Management Engine (CSME)
Intel C420 Chipset
Intel X299 Chipset
Intel C230 series chipset
2nd Gen Intel Xeon Scalable processor
Intel Xeon W processor 3200 series
1st Gen Intel Xeon Scalable processor
Intel Xeon W processor 3100 series
8th Gen Intel Core processor
Intel 200 Series Chipset
Intel 100 Series Chipset
Intel 300 Series Chipset
Intel C240 Series Chipset
Pentium Gold processor series (G54XXU)
Celeron processor 4000 series
Intel 400 Series Chipset
Intel 500 series chipset
Intel C250 Series Chipset
Intel Atom x6000E series
Intel 600 Series Chipset
Intel Celeron Processor N Series
Intel Celeron Processor J Series
Intel Pentium Processor N Series
Intel Pentium Processor J Series
Software vendor:
Intel
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in firmware. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install updates from the vendor's website.