

Multiple IBM Products Vulnerabilities
May 20, 2024
Multiple Intel Products Vulnerabilities
May 20, 2024
Multiple IBM Products Vulnerabilities
May 20, 2024
Multiple Intel Products Vulnerabilities
May 20, 2024Severity
High
Analysis Summary
CVE-2023-24460 CVSS:8.2
Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-35192 CVSS:6.7
Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-41961 CVSS:6.7
Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by uncontrolled search path. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-43629 CVSS:7.8
Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-40071 CVSS:7.3
Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-21788 CVSS:6.7
Intel GPA Framework Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-43748 CVSS:7.8
Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-21861 CVSS:6.7
Intel GPA Framework Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-22095 CVSS:7.2
Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in PlatformVariableInitDxe driver. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-42668 CVSS:6.7
Intel Server Board Onboard Video Driver Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect default permissions flaw. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-23980 CVSS:7.5
Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper buffer restrictions in PlatformPfrDxe driver. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-23487 CVSS:7.5
Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in UserAuthenticationSmm driver. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-22662 CVSS:5.8
Intel Server Products UEFI Firmware is vulnerable to a denial of service, caused by improper input validation of EpsdSrMgmtConfig. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-22382 CVSS:7.5
Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in PprRequestLog module. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-24981 CVSS:7.5
Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in PfrSmiUpdateFw driver. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2023-24460
- CVE-2023-35192
- CVE-2023-41961
- CVE-2023-43629
- CVE-2023-40071
- CVE-2024-21788
- CVE-2023-43748
- CVE-2024-21861
- CVE-2024-22095
- CVE-2023-42668
- CVE-2024-23980
- CVE-2024-23487
- CVE-2023-22662
- CVE-2024-22382
- CVE-2024-24981
Affected Vendors
Affected Products
- Intel Server D50DNP Family
- Intel Server M50FCP Family
- Intel Server Board S2600BP Family
- Intel GPA software 2023.3
- Intel GPA Framework software
- Intel GPA software
- Intel Server Board Onboard Video Driver
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.