CVE-2023-22297
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
10/05/2023
Last modified:
07/11/2023
Description
Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:intel:server_system_d50tnp1mhcrlc_firmware:*:*:*:*:*:*:*:* | 2.90 (excluding) | |
| cpe:2.3:h:intel:server_system_d50tnp1mhcrlc:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:server_system_d50tnp1mhcpac_firmware:*:*:*:*:*:*:*:* | 2.90 (excluding) | |
| cpe:2.3:h:intel:server_system_d50tnp1mhcpac:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:server_system_d50tnp2mhsvac_firmware:*:*:*:*:*:*:*:* | 2.90 (excluding) | |
| cpe:2.3:h:intel:server_system_d50tnp2mhsvac:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:server_system_d50tnp2mhstac_firmware:*:*:*:*:*:*:*:* | 2.90 (excluding) | |
| cpe:2.3:h:intel:server_system_d50tnp2mhstac:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:server_system_d50tnp1mhcrac_firmware:*:*:*:*:*:*:*:* | 2.90 (excluding) | |
| cpe:2.3:h:intel:server_system_d50tnp1mhcrac:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:server_system_d50tnp2mfalac_firmware:*:*:*:*:*:*:*:* | 2.90 (excluding) | |
| cpe:2.3:h:intel:server_system_d50tnp2mfalac:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:server_system_m50cyp1ur204_firmware:*:*:*:*:*:*:*:* | 2.90 (excluding) | |
| cpe:2.3:h:intel:server_system_m50cyp1ur204:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:server_system_m50cyp1ur212_firmware:*:*:*:*:*:*:*:* | 2.90 (excluding) |
To consult the complete list of CPE names with products and versions, see this page