#VU22947 Buffer overflow in Intel Ethernet 700 Series and Intel Ethernet 700 Series Controller Software
Vulnerability identifier: #VU22947
Vulnerability risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Intel Ethernet 700 Series
Hardware solutions /
Firmware
Intel Ethernet 700 Series Controller Software
Hardware solutions /
Drivers
Vendor: Intel
Description
The vulnerability allows a remote attacker to escalate privileges on the target system.
The vulnerability exists due to a boundary error in firmware. An attacker on adjacent network can trigger memory corruption and escalate privileges on the target system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Intel Ethernet 700 Series: All versions
Intel Ethernet 700 Series Controller Software: All versions
External links
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html
http://support.f5.com/csp/article/K08441753?utm_source=f5support&utm_medium=RSS
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
