Request a Demo
Rewterz
North Korean Cybercriminals Use New Golang Malware ‘Durian’ to Target Crypto Companies – Active IOCs
May 14, 2024
Rewterz
Integrated Cellular Modem Vulnerabilities Put Millions of IoT Devices at Risk
May 14, 2024

Multiple Intel Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-25945 CVSS:6.7

Intel One Boot Flash Update (OFU) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by a protection mechanism failure. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-32646 CVSS:6.7

Intel Virtual RAID on CPU (VROC) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. By placing a specially crafted file in the search path, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2023-39425 CVSS:8.8

Intel Driver & Support Assistant (DSA) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-30767 CVSS:5.5

Intel Optimization for TensorFlow could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper bounds checking. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-39432 CVSS:6.7

Intel Ethernet tools and driver install software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

Impact

  • Privilege Escalation
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2023-25945
  • CVE-2023-32646
  • CVE-2023-39425
  • CVE-2023-30767
  • CVE-2023-39432

Affected Vendors

Intel

Affected Products

  • Intel One Boot Flash Update (OFU) 14.1.30
  • Intel One Boot Flash Update (OFU) 14.1.28
  • Intel Virtual RAID on CPU (VROC) 8.0
  • Intel Virtual RAID on CPU (VROC) 7.7
  • Intel Virtual RAID on CPU (VROC) 7.6
  • Intel Virtual RAID on CPU (VROC) 7.5
  • Intel Virtual RAID on CPU (VROC) 7.0
  • Intel Optimization for TensorFlow 2.13.0-rc2
  • Intel Optimization for TensorFlow 2.13.0-rc1
  • Intel Optimization for TensorFlow 2.13.0-rc0
  • Intel Optimization for TensorFlow 2.12.0
  • Intel Optimization for TensorFlow 2.11.1
  • Intel Optimization for TensorFlow 2.9.3
  • Intel Optimization for TensorFlow 2.8.4
  • Intel Optimization for TensorFlow 2.10.0
  • Intel Optimization for TensorFlow 2.9.2
  • Intel Optimization for TensorFlow 2.8.3
  • Intel Optimization for TensorFlow 2.9.0
  • Intel Optimization for TensorFlow 2.7.3
  • Intel Optimization for TensorFlow 2.8.2
  • Intel Optimization for TensorFlow 2.6.5
  • Intel Optimization for TensorFlow 2.9.1
  • Intel Optimization for TensorFlow 2.7.4
  • Intel Ethernet tools and driver install software 28.1
  • Intel Ethernet tools and driver install software 28.0
  • Intel Driver and Support Assistant (DSA) 22.5.33
  • Intel Driver and Support Assistant (DSA) 22.5.34
  • Intel Driver and Support Assistant (DSA) 22.6.42
  • Intel Driver and Support Assistant (DSA) 22.8.50
  • Intel Driver and Support Assistant (DSA) 23.1.9
  • Intel Driver and Support Assistant (DSA) 23.2.17
  • Intel Driver and Support Assistant (DSA) 23.3.25

Remediation

Refer to INTEL-Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-25945

CVE-2023-32646

CVE-2023-39425

CVE-2023-30767

CVE-2023-39432