Severity
Medium
Analysis Summary
CVE-2023-34315 CVSS:6.7
Intel Virtual RAID on CPU (VROC) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-41231 CVSS:6.7
Intel Assistive Context-Aware Toolkit (ACAT) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-32280 CVSS:5.3
Intel OpenBMC firmware could allow a remote attacker to obtain sensitive information, caused by insufficiently protected credentials. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2023-34315
- CVE-2023-41231
- CVE-2023-32280
Affected Vendors
Affected Products
- Intel Virtual RAID on CPU (VROC) 8.0
- Intel Virtual RAID on CPU (VROC) 7.7
- Intel Virtual RAID on CPU (VROC) 7.6
- Intel Virtual RAID on CPU (VROC) 7.5
- Intel Virtual RAID on CPU (VROC) 7.0.2
- Intel Virtual RAID on CPU (VROC) 7.0
- Intel Virtual RAID on CPU (VROC) 6.3
- Intel Assistive Context-Aware Toolkit (ACAT) 1.50.0
- Intel Assistive Context-Aware Toolkit (ACAT) 1.00.0
- Intel Assistive Context-Aware Toolkit (ACAT) 0.99.1
- Intel Assistive Context-Aware Toolkit (ACAT) 0.99
- Intel Assistive Context-Aware Toolkit (ACAT) 0.98
- Intel Assistive Context-Aware Toolkit (ACAT) 0.97.9.1
- Intel Assistive Context-Aware Toolkit (ACAT) 0.9.1
- Intel OpenBMC egs-1.04
- Intel OpenBMC egs-1.03
- Intel OpenBMC egs-1.0
- Intel OpenBMC egs-1.02
- Intel OpenBMC egs-1.01
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.