Severity
Medium
Analysis Summary
CVE-2023-22443 CVSS:6
Intel Server Board Baseboard Management Controller (BMC) is vulnerable to a denial of service, caused by an integer overflow flaw. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-24475 CVSS:6
Intel Server Board Baseboard Management Controller (BMC) could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-25175 CVSS:6.1
Intel Server Board Baseboard Management Controller (BMC) could allow a local authenticated attacker to obtain sensitive information, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-28411 CVSS:6.3
Intel Server Board Baseboard Management Controller (BMC) could allow a local authenticated attacker to obtain sensitive information, caused by a double free flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-25776 CVSS:6.3
Intel Server Board Baseboard Management Controller (BMC) could allow a local authenticated attacker to obtain sensitive information, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-22379 CVSS:6.7
Intel Server Board Baseboard Management Controller (BMC) could allow a local authenticated attacker to obtain sensitive information, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-22442 CVSS:7.9
Intel Server Board Baseboard Management Controller (BMC) could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-25545 CVSS:8.2
Intel Server Board Baseboard Management Controller (BMC) could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper buffer restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-22297 CVSS:8.2
Intel Server Board Baseboard Management Controller (BMC) could allow a local authenticated attacker to gain elevated privileges on the system, caused by the access of memory location after end of buffer. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-22661 CVSS:8.2
Intel Server Board Baseboard Management Controller (BMC) could allow a local authenticated attacker to gain elevated privileges on the system, caused by a buffer overflow. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Privilege Escalation
- Denial of Service
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-22443
- CVE-2023-24475
- CVE-2023-25175
- CVE-2023-28411
- CVE-2023-25776
- CVE-2023-22379
- CVE-2023-22442
- CVE-2023-25545
- CVE-2023-22297
- CVE-2023-22661
Affected Vendors
Intel
Affected Products
- Intel Server Board M50CYP Family BMC
- Intel Server Board D50TNP Family BMC
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.