mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
123 lines
3.5 KiB
JSON
123 lines
3.5 KiB
JSON
{
|
|
"id": "CVE-2023-31349",
|
|
"sourceIdentifier": "psirt@amd.com",
|
|
"published": "2024-08-13T17:15:21.500",
|
|
"lastModified": "2024-12-12T01:21:40.263",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Incorrect default permissions in the AMD \u03bcProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Los permisos predeterminados incorrectos en el directorio de instalaci\u00f3n de AMD ?Prof podr\u00edan permitir que un atacante logre una escalada de privilegios, lo que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "psirt@amd.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.3,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.3,
|
|
"impactScore": 5.9
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "psirt@amd.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-276"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-276"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:linux:*:*",
|
|
"versionEndExcluding": "4.1.424",
|
|
"matchCriteriaId": "4B13FA61-9E51-45AF-A0F8-0C3A518B390A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:freebsd:*:*",
|
|
"versionEndExcluding": "4.2.816",
|
|
"matchCriteriaId": "50D6F227-1657-451F-AF90-A68B6A4BF03A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:amd:uprof:*:*:*:*:*:windows:*:*",
|
|
"versionEndExcluding": "4.2.845",
|
|
"matchCriteriaId": "E175F21E-6872-42B1-8C4C-6B473440EE12"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001",
|
|
"source": "psirt@amd.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |