diff --git a/2023/28xxx/CVE-2023-28376.json b/2023/28xxx/CVE-2023-28376.json index eb1ae549f3d..5b8d988901b 100644 --- a/2023/28xxx/CVE-2023-28376.json +++ b/2023/28xxx/CVE-2023-28376.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28376", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Out-of-bounds read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) E810 Ethernet Controllers and Adapters", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 1.7.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00869.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00869.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/28xxx/CVE-2023-28377.json b/2023/28xxx/CVE-2023-28377.json index 1ee0ad66dc4..a9c361d58b6 100644 --- a/2023/28xxx/CVE-2023-28377.json +++ b/2023/28xxx/CVE-2023-28377.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28377", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) NUC Kit NUC11PH USB firmware installation software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 1.1 for Windows" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/28xxx/CVE-2023-28397.json b/2023/28xxx/CVE-2023-28397.json index e70574d2f43..d2bf38aa73e 100644 --- a/2023/28xxx/CVE-2023-28397.json +++ b/2023/28xxx/CVE-2023-28397.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated to potentially enable escalation of privileges via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Aptio* V UEFI Firmware Integrator Tools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/28xxx/CVE-2023-28401.json b/2023/28xxx/CVE-2023-28401.json index 6f95cf9aa3c..46fcfb31376 100644 --- a/2023/28xxx/CVE-2023-28401.json +++ b/2023/28xxx/CVE-2023-28401.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Out-of-bounds write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 31.0.101.4255" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.2, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" } ] } diff --git a/2023/28xxx/CVE-2023-28404.json b/2023/28xxx/CVE-2023-28404.json index b2c6a3bdd5e..9bd70b54b2e 100644 --- a/2023/28xxx/CVE-2023-28404.json +++ b/2023/28xxx/CVE-2023-28404.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28404", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + }, + { + "lang": "eng", + "value": "Out-of-bounds read", + "cweId": "CWE-125" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 31.0.101.4255" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.8, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2023/28xxx/CVE-2023-28723.json b/2023/28xxx/CVE-2023-28723.json index 81e21802dab..d7ab4f5bd36 100644 --- a/2023/28xxx/CVE-2023-28723.json +++ b/2023/28xxx/CVE-2023-28723.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + }, + { + "lang": "eng", + "value": "Exposure of sensitive information to an unauthorized actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Aptio* V UEFI Firmware Integrator Tools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "some Intel(R) Aptio* V UEFI Firmware Integrator Tools" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 3.3, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" } ] } diff --git a/2023/28xxx/CVE-2023-28737.json b/2023/28xxx/CVE-2023-28737.json index 9df170d68fa..b6e86d4344d 100644 --- a/2023/28xxx/CVE-2023-28737.json +++ b/2023/28xxx/CVE-2023-28737.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-28737", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper initialization", + "cweId": "CWE-665" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Aptio* V UEFI Firmware Integrator Tools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "See references" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/29xxx/CVE-2023-29157.json b/2023/29xxx/CVE-2023-29157.json index 266b55b8314..4862203158a 100644 --- a/2023/29xxx/CVE-2023-29157.json +++ b/2023/29xxx/CVE-2023-29157.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29157", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) OFU software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 14.1.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/29xxx/CVE-2023-29161.json b/2023/29xxx/CVE-2023-29161.json index 2b87ee3827e..08aa41373ba 100644 --- a/2023/29xxx/CVE-2023-29161.json +++ b/2023/29xxx/CVE-2023-29161.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29161", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Uncontrolled search path", + "cweId": "CWE-427" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) OFU software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 14.1.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/29xxx/CVE-2023-29165.json b/2023/29xxx/CVE-2023-29165.json index 8001e69f4b0..2eb71fb4613 100644 --- a/2023/29xxx/CVE-2023-29165.json +++ b/2023/29xxx/CVE-2023-29165.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-29165", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Unquoted search path or element", + "cweId": "CWE-428" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 31.0.101.4255" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/31xxx/CVE-2023-31203.json b/2023/31xxx/CVE-2023-31203.json index dbf95a9d1c3..c74bec77c98 100644 --- a/2023/31xxx/CVE-2023-31203.json +++ b/2023/31xxx/CVE-2023-31203.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31203", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of service via network access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + }, + { + "lang": "eng", + "value": "Improper input validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OpenVINO Model Server software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 2022.3 for Intel Distribution of OpenVINO toolkit" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00901.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00901.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" } ] } diff --git a/2023/31xxx/CVE-2023-31273.json b/2023/31xxx/CVE-2023-31273.json index b02b6cb493e..47a15dbd503 100644 --- a/2023/31xxx/CVE-2023-31273.json +++ b/2023/31xxx/CVE-2023-31273.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31273", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Protection mechanism failure", + "cweId": "CWE-693" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel DCM software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 5.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00902.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00902.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/32xxx/CVE-2023-32204.json b/2023/32xxx/CVE-2023-32204.json index 6918bf3dbbb..18906a0d708 100644 --- a/2023/32xxx/CVE-2023-32204.json +++ b/2023/32xxx/CVE-2023-32204.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32204", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Improper access control", + "cweId": "CWE-284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) OFU software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 14.1.31" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00900.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] } diff --git a/2023/32xxx/CVE-2023-32278.json b/2023/32xxx/CVE-2023-32278.json index 73397164d42..1b3d93b8a15 100644 --- a/2023/32xxx/CVE-2023-32278.json +++ b/2023/32xxx/CVE-2023-32278.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-32278", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + }, + { + "lang": "eng", + "value": "Path transversal", + "cweId": "CWE-249" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "before version 1.0.1.7 for Intel(R) NUC Software Studio" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html", + "refsource": "MISC", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00908.html" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" } ] }