Vulnerabilites related to intel - nma1xxd256gpsuf
Vulnerability from fkie_nvd
Published
2024-02-14 14:15
Modified
2025-02-20 15:10
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:optane_persistent_memory_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC0ABBD3-228C-4F02-8BC9-2545FC57E49A",
"versionEndExcluding": "01.00.00.3547",
"versionStartIncluding": "01.00.00.3072",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nma1xxd128gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA3959A-A077-420F-9CF0-FCF926F78A1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd128gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C49C3C48-9452-417D-91A3-6282A5DF564E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd256gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF7A9E1-9610-42F8-BE3C-50B6C70EC2CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd256gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E29B5FFA-FD00-490D-9E33-2ADC23369773",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd512gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77357E64-833C-46E7-B84F-29F7ED3D0F31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd512gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E373F80-B81E-4B7F-9407-DD918E39DA90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:optane_persistent_memory_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA941AF-27A6-47B7-B2BC-1D9A88444664",
"versionEndExcluding": "02.00.00.3915",
"versionStartIncluding": "02.00.00.3423",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nmb1xxd128gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBED201B-A64E-441E-A952-B3C8C56F87C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmb1xxd128gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29CD8FF9-DA6B-4293-8F4B-8B4A02C4C1E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmb1xxd256gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905C0399-6E5D-4D42-AA3D-D0ECC9117D9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmb1xxd256gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7380A6-CB51-4205-AAD7-AB75AB2638B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmb1xxd512gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A86746AA-047D-4F7F-BD7F-0D18BF47F5EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmb1xxd512gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3BC795-DAA0-48C5-BEBC-4A96B4FD3D0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:optane_persistent_memory_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AB913F-BA30-4911-BC6F-083DFF14F9E6",
"versionEndExcluding": "03.00.00.0483",
"versionStartIncluding": "03.00.00.0302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nmc2xxd128gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D76D5AB-0CF5-40E5-8DA5-31E27F58F236",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmc2xxd256gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "541DF110-3539-4F20-BAE9-039A969B1763",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nmc2xxd512gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1535ED-13DC-4C08-BA2D-E8BE50C4A6CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en algunos software Intel(R) Optane(TM) PMem anteriores a las versiones 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 puede permitir que un usuario autentificado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2023-27517",
"lastModified": "2025-02-20T15:10:10.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.2,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T14:15:47.313",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@intel.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 14:15
Modified
2025-02-20 15:02
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | optane_persistent_memory_firmware | * | |
| intel | nma1xxd128gpsu4 | - | |
| intel | nma1xxd128gpsuf | - | |
| intel | nma1xxd256gpsu4 | - | |
| intel | nma1xxd256gpsuf | - | |
| intel | nma1xxd512gpsu4 | - | |
| intel | nma1xxd512gpsuf | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:optane_persistent_memory_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B89B9F7-B599-4A97-9938-64D37065370C",
"versionEndExcluding": "01.00.00.3547",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:nma1xxd128gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA3959A-A077-420F-9CF0-FCF926F78A1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd128gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C49C3C48-9452-417D-91A3-6282A5DF564E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd256gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF7A9E1-9610-42F8-BE3C-50B6C70EC2CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd256gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E29B5FFA-FD00-490D-9E33-2ADC23369773",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd512gpsu4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77357E64-833C-46E7-B84F-29F7ED3D0F31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:intel:nma1xxd512gpsuf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E373F80-B81E-4B7F-9407-DD918E39DA90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en algunos software de administraci\u00f3n Intel(R) Optane(TM) PMem serie 100 anteriores a la versi\u00f3n 01.00.00.3547 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2023-22311",
"lastModified": "2025-02-20T15:02:08.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T14:15:38.517",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@intel.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2023-22311
Vulnerability from cvelistv5
Published
2024-02-14 13:38
Modified
2024-08-02 10:07
Severity ?
EPSS score ?
Summary
Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Optane(TM) PMem 100 Series Management Software |
Version: before version 01.00.00.3547 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Optane(TM) PMem 100 Series Management Software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 01.00.00.3547"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Optane(TM) PMem 100 Series Management Software before version 01.00.00.3547 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T13:38:00.411Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22311",
"datePublished": "2024-02-14T13:38:00.411Z",
"dateReserved": "2023-01-27T04:00:04.114Z",
"dateUpdated": "2024-08-02T10:07:05.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-27517
Vulnerability from cvelistv5
Published
2024-02-14 13:38
Modified
2024-08-16 15:51
Severity ?
EPSS score ?
Summary
Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) Optane(TM) PMem software |
Version: before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intel:optane_persistent_memory_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "optane_persistent_memory_firmware",
"vendor": "intel",
"versions": [
{
"lessThan": "01.00.00.3547",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "02.00.00.3915",
"status": "affected",
"version": "02.00.00.0000",
"versionType": "custom"
},
{
"lessThan": "03.00.00.0483",
"status": "affected",
"version": "03.00.00.0000",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T19:23:57.345801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T15:51:16.583Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Optane(TM) PMem software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T13:38:00.967Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-27517",
"datePublished": "2024-02-14T13:38:00.967Z",
"dateReserved": "2023-03-29T03:00:02.583Z",
"dateUpdated": "2024-08-16T15:51:16.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}