Request a Demo
Rewterz
Critical Vulnerabilities in Cacti Framework Could Allow Attackers to Run Malicious Code
May 16, 2024
Rewterz
APT32 SeaLotus aka OceanLotus Group – Active IOCs
May 16, 2024

Multiple Intel Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-45733 CVSS:2.8

Multiple Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by a race conditions in the hardware logic. An attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-46103 CVSS:4.7

Intel Core Ultra Processor is vulnerable to a denial of service, caused by a flaw in the sequence of processor instructions. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-21831 CVSS:6.7

Intel Processor Diagnostic Tool could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-21774 CVSS:6.7

Intel Processor Identification Utility Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-38654 CVSS:8.2

Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by improper input validation. A remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-47210 CVSS:4.7

Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by improper input validation. A remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-38654 CVSS:8.2

Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by improper input validation. A remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-40536 CVSS:4.3

Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by a race condition. A local attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-45845 CVSS:8.2

Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by improper input validation. A remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-38417 CVSS:4.3

Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by improper input validation. A remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2023-47859 CVSS:5.5

Intel PROSet/Wireless WiFi and Bluetooth are vulnerable to a denial of service, caused by improper access control. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-21814 CVSS:6.7

Intel Chipset Device Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-47855 CVSS:6

Intel TDX Module Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-45745 CVSS:7.9

Intel TDX Module Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

Impact

  • Information Disclosure
  • Denial of Service
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2023-45733
  • CVE-2023-46103
  • CVE-2024-21831
  • CVE-2024-2177
  • CVE-2023-38654
  • CVE-2023-47210
  • CVE-2023-40536
  • CVE-2023-45845
  • CVE-2023-38417
  • CVE-2023-47859
  • CVE-2024-21814
  • CVE-2023-47855
  • CVE-2023-45745

Affected Vendors

Intel

Affected Products

  • Intel Wi-Fi 6 AX201
  • Intel Wireless-AC 9560
  • Intel Wireless-AC 9260
  • Intel Wireless 7265 (Rev D) Family
  • Intel Dual Band Wireless-AC 3165
  • Intel Wireless-AC 9461
  • Intel Killer Wi-Fi 6E AX1675
  • Intel Killer Wi-Fi 6 AX1650
  • Intel Wi-Fi 6 AX200
  • Intel Dual Band Wireless-AC 3168
  • Intel Dual Band Wireless-AC 3165
  • Intel 12th Generation Intel Core Processor Family
  • Intel Intel Pentium Gold Processor Family
  • Intel Intel Celeron Processor Family
  • Intel Atom Processor C Series
  • Intel Core Ultra Processors
  • Intel Processor Diagnostic Tool 4.1.9
  • Intel Processor Identification Utility Software 7.1
  • Intel Wi-Fi 6E AX210
  • Intel Wi-Fi 6E AX411
  • Intel Wi-Fi 6E AX211
  • Intel Wi-Fi 7 BE200
  • Intel Wi-Fi 7 BE202
  • Intel TDX Module Software
  • Intel Chipset Device Software 10.1.

Remediation

Refer to Intel Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-45733

CVE-2023-46103

CVE-2024-21831

CVE-2024-21774

CVE-2023-38654

CVE-2023-47210

CVE-2023-38654

CVE-2023-40536

CVE-2023-45845

CVE-2023-38417

CVE-2023-47859

CVE-2024-21814

CVE-2023-47855

CVE-2023-45745