Rewterz
Multiple Intel Products Vulnerabilities
May 20, 2024

Multiple Intel Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-24460 CVSS:8.2

Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-35192 CVSS:6.7

Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-41961 CVSS:6.7

Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-43629 CVSS:7.8

Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-40071 CVSS:7.3

Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-21788 CVSS:6.7

Intel GPA Framework Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-43748 CVSS:7.8

Intel GPA Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2024-21861 CVSS:6.7

Intel GPA Framework Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-22095 CVSS:7.2

Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the PlatformVariableInitDxe driver. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-42668 CVSS:6.7

Intel Server Board Onboard Video Driver Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect default permissions flaw. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-23980 CVSS:7.5

Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper buffer restrictions in the PlatformPfrDxe driver. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-23487 CVSS:7.5

Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the UserAuthenticationSmm driver. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-22662 CVSS:5.8

Intel Server Products UEFI Firmware is vulnerable to a denial of service, caused by improper input validation of EpsdSrMgmtConfig. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-22382 CVSS:7.5

Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the PprRequestLog module. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-24981 CVSS:7.5

Intel Server Products UEFI Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the PfrSmiUpdateFw driver. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

Impact

  • Privilege Escalation
  • Denial of Service

Indicators of Compromise

CVE

  • CVE-2023-24460
  • CVE-2023-35192
  • CVE-2023-41961
  • CVE-2023-43629
  • CVE-2023-40071
  • CVE-2024-21788
  • CVE-2023-43748
  • CVE-2024-21861
  • CVE-2024-22095
  • CVE-2023-42668
  • CVE-2024-23980
  • CVE-2024-23487
  • CVE-2023-22662
  • CVE-2024-22382
  • CVE-2024-24981

Affected Vendors

Intel

Affected Products

  • Intel Server D50DNP Family
  • Intel Server M50FCP Family
  • Intel Server Board S2600BP Family
  • Intel GPA software 2023.3
  • Intel GPA Framework software
  • Intel GPA software
  • Intel Server Board Onboard Video Driver

Remediation

Refer to the Intel Security Advisory for patch, upgrade or suggested workaround information.
