Severity
Medium
Analysis Summary
CVE-2023-31189 CVSS:5.3
Intel OpenBMC firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper authentication. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-27517 CVSS:6.6
Intel Optane Persistent Memory (PMem) management software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2023-39941 CVSS:7.1
Intel System Usage Report (SUR) software is vulnerable to a denial of service, caused by improper access control. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
Impact
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2023-31189
- CVE-2023-27517
- CVE-2023-39941
Affected Vendors
Affected Products
- Intel OpenBMC egs-1.04
- Intel OpenBMC egs-1.03
- Intel OpenBMC egs-1.02
- Intel OpenBMC egs-1.01
- Intel Optane Persistent Memory (PMem) 03.00.00.0476
- Intel Optane Persistent Memory (PMem) 03.00.00.0468
- Intel Optane Persistent Memory (PMem) 03.00.00.0462
- Intel Optane Persistent Memory (PMem) 03.00.00.0455
- Intel Optane Persistent Memory (PMem) 02.00.00.3871
- Intel Optane Persistent Memory (PMem) 02.00.00.3869
- Intel Optane Persistent Memory (PMem) 02.00.00.3866
- Intel Optane Persistent Memory (PMem) 02.00.00.3852
- Intel Optane Persistent Memory (PMem) 01.00.00.3518
- Intel Optane Persistent Memory (PMem) 01.00.00.3515
- Intel Optane Persistent Memory (PMem) 01.00.00.3506
- Intel SUR 2.3
- Intel SUR 2.4
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.