CVE-2023-34431

Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:server_board_m70klp2sb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_board_m70klp2sb:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:intel:server_system_m70klp4s2uhh:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:server_system_m70klp4s2uhh_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:intel:server_board_m20ntp2sb:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:server_board_m20ntp2sb_firmware:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:intel:server_system_m20ntp1ur304:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:server_system_m20ntp1ur304_firmware:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:h:intel:server_board_m10jnp2sb:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:server_board_m10jnp2sb_firmware:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:h:intel:server_board_s2600bpbr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:server_board_s2600bpbr_firmware:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:h:intel:server_board_s2600bps:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:server_board_s2600bps_firmware:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:h:intel:server_board_s2600bpsr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:server_board_s2600bpsr_firmware:*:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:h:intel:server_board_s2600bpqr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:server_board_s2600bpqr_firmware:*:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:h:intel:server_board_s2600bpb:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:server_board_s2600bpb_firmware:*:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:h:intel:server_board_s2600bpq:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:server_board_s2600bpq_firmware:*:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:h:intel:compute_module_hns2600bpblcr:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:compute_module_hns2600bpblcr_firmware:*:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:h:intel:compute_module_hns2600bpblc:-:*:*:*:*:*:*:*

cpe:2.3:o:intel:compute_module_hns2600bpblc_firmware:*:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bpblc24r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpblc24r:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bps_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bps:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bps24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bps24:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bpbr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpbr:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bpqr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpqr:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bpsr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpsr:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bps24r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bps24r:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bpq24r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpq24r:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bpb24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpb24:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bpb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpb:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bpblc24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpblc24:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bpq_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpq:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:intel:compute_module_hns2600bpq24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpq24:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:intel:compute_module_liquid-cooled_hns2600bpbrct_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_liquid-cooled_hns2600bpbrct:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:intel:server_system_vrn2224bpaf6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_vrn2224bpaf6:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:intel:server_system_vrn2224bphy6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_vrn2224bphy6:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:intel:server_system_mcb2208wfaf5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_mcb2208wfaf5:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:intel:server_system_zsb2224bpaf2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_zsb2224bpaf2:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:intel:server_system_zsb2224bphy1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_zsb2224bphy1:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:intel:server_system_zsb2224bpaf1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_zsb2224bpaf1:-:*:*:*:*:*:*:*

History

20 Nov 2023, 20:55

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-14 19:15

Updated : 2024-08-30 17:35

NVD link : CVE-2023-34431

Mitre link : CVE-2023-34431

CVE.ORG link : CVE-2023-34431

JSON object : View

Products Affected

intel

compute_module_hns2600bps24r
compute_module_liquid-cooled_hns2600bpbrct_firmware
server_system_vrn2224bpaf6
compute_module_hns2600bpblc
compute_module_hns2600bpblc24r
server_board_m10jnp2sb_firmware
server_board_s2600bps
compute_module_hns2600bpbr_firmware
server_board_m70klp2sb_firmware
compute_module_hns2600bpbr
compute_module_hns2600bpqr_firmware
server_board_s2600bps_firmware
compute_module_hns2600bpb_firmware
compute_module_hns2600bpsr_firmware
compute_module_hns2600bps
compute_module_hns2600bpq24_firmware
compute_module_hns2600bpb24
server_board_m10jnp2sb
server_board_s2600bpbr
server_system_zsb2224bpaf1_firmware
compute_module_hns2600bpq24r_firmware
server_system_vrn2224bphy6
compute_module_hns2600bpb24_firmware
server_board_s2600bpsr_firmware
compute_module_hns2600bps24
compute_module_hns2600bpq24r
server_system_zsb2224bpaf1
server_system_m70klp4s2uhh
compute_module_hns2600bps24r_firmware
compute_module_hns2600bpblc24_firmware
compute_module_hns2600bpb
server_board_s2600bpqr_firmware
server_system_m20ntp1ur304_firmware
server_board_m20ntp2sb
compute_module_hns2600bpq
compute_module_liquid-cooled_hns2600bpbrct
server_board_s2600bpq
server_system_vrn2224bpaf6_firmware
compute_module_hns2600bpblc24
compute_module_hns2600bpblcr_firmware
server_system_vrn2224bphy6_firmware
server_system_m70klp4s2uhh_firmware
server_board_s2600bpb
compute_module_hns2600bpqr
compute_module_hns2600bpsr
server_board_s2600bpqr
server_board_s2600bpq_firmware
server_system_zsb2224bpaf2
server_system_zsb2224bpaf2_firmware
server_board_m20ntp2sb_firmware
server_system_mcb2208wfaf5_firmware
server_system_m20ntp1ur304
server_system_mcb2208wfaf5
server_system_zsb2224bphy1_firmware
compute_module_hns2600bpblc_firmware
compute_module_hns2600bpblcr
server_board_m70klp2sb
server_board_s2600bpsr
server_board_s2600bpb_firmware
compute_module_hns2600bpq24
server_system_zsb2224bphy1
compute_module_hns2600bps24_firmware
server_board_s2600bpbr_firmware
compute_module_hns2600bpblc24r_firmware
compute_module_hns2600bps_firmware
compute_module_hns2600bpq_firmware

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

6.7 /10