May 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Critical Vulnerabilities in Cacti Framework Could Allow Attackers to Run Malicious Code
May 16, 2024APT32 SeaLotus aka OceanLotus Group – Active IOCs
May 16, 2024Critical Vulnerabilities in Cacti Framework Could Allow Attackers to Run Malicious Code
May 16, 2024APT32 SeaLotus aka OceanLotus Group – Active IOCs
May 16, 2024
Severity
Medium
Analysis Summary
CVE-2023-45733 CVSS:2.8
Multiple Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by a race conditions in the hardware logic. An attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-46103 CVSS:4.7
Intel Core Ultra Processor is vulnerable to a denial of service, caused by a flaw in the sequence of processor instructions. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-21831 CVSS:6.7
Intel Processor Diagnostic Tool could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-21774 CVSS:6.7
Intel Processor Identification Utility Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-38654 CVSS:8.2
Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by improper input validation. A remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-47210 CVSS:4.7
Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by improper input validation. A remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-38654 CVSS:8.2
Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by improper input validation. A remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-40536 CVSS:4.3
Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by a race condition. A local attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-45845 CVSS:8.2
Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by improper input validation. A remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-38417 CVSS:4.3
Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by improper input validation. A remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-47859 CVSS:5.5
Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by improper access control. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-21814 CVSS:6.7
Intel Chipset Device Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-47855 CVSS:6
Intel TDX Module Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-45745 CVSS:7.9
Intel TDX Module Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Information Disclosure
- Denial of Service
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2023-45733
- CVE-2023-46103
- CVE-2024-21831
- CVE-2024-2177
- CVE-2023-38654
- CVE-2023-47210
- CVE-2023-40536
- CVE-2023-45845
- CVE-2023-38417
- CVE-2023-47859
- CVE-2024-21814
- CVE-2023-47855
- CVE-2023-45745
Affected Vendors
Intel
Affected Products
- Intel Wi-Fi 6 AX201
- Intel Wireless-AC 9560
- Intel Wireless-AC 9260
- Intel Wireless 7265 (Rev D) Family
- Intel Dual Band Wireless-AC 3165
- Intel Wireless-AC 9461
- Intel Killer Wi-Fi 6E AX1675
- Intel Killer Wi-Fi 6 AX1650
- Intel Wi-Fi 6 AX200
- Intel Dual Band Wireless-AC 3168
- Intel Dual Band Wireless-AC 3165
- Intel 12th Generation Intel Core Processor Family
- Intel Intel Pentium Gold Processor Family
- Intel Intel Celeron Processor Family
- Intel Atom Processor C Series
- Intel Core Ultra Processors
- Intel Processor Diagnostic Tool 4.1.9
- Intel Processor Identification Utility Software 7.1
- Intel Wi-Fi 6E AX210
- Intel Wi-Fi 6E AX411
- Intel Wi-Fi 6E AX211
- Intel Wi-Fi 7 BE200
- Intel Wi-Fi 7 BE202
- Intel TDX Module Software
- Intel Chipset Device Software 10.1.
Remediation
Refer to Intel Security Advisory for patch, upgrade or suggested workaround information.
