Request a Demo
Rewterz
Multiple SolarWinds Access Rights Manager Zero-Day Vulnerabilities
May 22, 2024
Rewterz
Remcos RAT – Active IOCs
May 22, 2024

Multiple Intel Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-47169 CVSS:3.3

Intel Media SDK is vulnerable to a denial of service, caused by improper buffer restrictions. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-47282 CVSS:3.9

Intel Media SDK and oneVPL software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds write. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-45221 CVSS:4.8

Intel Media SDK could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper buffer restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-22656 CVSS:3.9

Intel Media SDK and oneVPL software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds read. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-48368 CVSS:5.9

Intel Media SDK is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2022-37410 CVSS:7

Intel Thunderbolt driver software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-27504 CVSS:7.2

Intel BIOS Guard and PPAM Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper conditions check. By sending a specially crafted, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-28383 CVSS:6.1

Intel BIOS Guard and PPAM Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper conditions check. By sending a specially crafted, an attacker could exploit this vulnerability to escalate privileges.

CVE-2023-28402 CVSS:7.2

Intel BIOS Guard and PPAM Firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted, an attacker could exploit this vulnerability to escalate privileges.

Impact

  • Denial of Service
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2023-47169
  • CVE-2023-47282
  • CVE-2023-45221
  • CVE-2023-22656
  • CVE-2023-48368
  • CVE-2022-37410
  • CVE-2023-27504
  • CVE-2023-28383
  • CVE-2023-28402

Affected Vendors

Intel

Affected Products

  • Intel Media SDK
  • Intel oneVPL software
  • Intel Thunderbolt driver software
  • Intel BIOS Guard and PPAM Firmware

Remediation

Refer to Intel Security Advisory for patch, upgrade or suggested workaround information.

Intel Media SDK

Intel oneVPL software

Intel Thunderbolt driver software

Intel BIOS Guard and PPAM Firmware