Analysis Summary

CVE-2023-34315 CVSS:6.7

Intel Virtual RAID on CPU (VROC) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-41231 CVSS:6.7

Intel Assistive Context-Aware Toolkit (ACAT) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-32280 CVSS:5.3

Intel OpenBMC firmware could allow a remote attacker to obtain sensitive information, caused by insufficiently protected credentials. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

Impact

• Privilege Escalation
• Information Disclosure

Indicators of Compromise

CVE

• CVE-2023-34315
• CVE-2023-41231
• CVE-2023-32280

Affected Vendors

Affected Products

• Intel Virtual RAID on CPU (VROC) 8.0
• Intel Virtual RAID on CPU (VROC) 7.7
• Intel Virtual RAID on CPU (VROC) 7.6
• Intel Virtual RAID on CPU (VROC) 7.5
• Intel Virtual RAID on CPU (VROC) 7.0.2
• Intel Virtual RAID on CPU (VROC) 7.0
• Intel Virtual RAID on CPU (VROC) 6.3
• Intel Assistive Context-Aware Toolkit (ACAT) 1.50.0
• Intel Assistive Context-Aware Toolkit (ACAT) 1.00.0
• Intel Assistive Context-Aware Toolkit (ACAT) 0.99.1
• Intel Assistive Context-Aware Toolkit (ACAT) 0.99
• Intel Assistive Context-Aware Toolkit (ACAT) 0.98
• Intel Assistive Context-Aware Toolkit (ACAT) 0.97.9.1
• Intel Assistive Context-Aware Toolkit (ACAT) 0.9.1
• Intel OpenBMC egs-1.04
• Intel OpenBMC egs-1.03
• Intel OpenBMC egs-1.0
• Intel OpenBMC egs-1.02
• Intel OpenBMC egs-1.01

Remediation

Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-34315

CVE-2023-41231

CVE-2023-32280