V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2023-22297
CVE
High

Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to…

CVSS
7.8
High
EPSS
0.00
p10
Published
2023-01-01
Updated
2023-01-01
Description

Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.

Tags · CWE
CWE-788
Affected products
Server_system_d50tnp1mhcpac_firmwareServer_system_d50tnp1mhcrac_firmwareServer_system_d50tnp1mhcrlc_firmwareServer_system_d50tnp2mfalac_firmwareServer_system_d50tnp2mhstac_firmwareServer_system_d50tnp2mhsvac_firmwareServer_system_m50cyp1ur204_firmwareServer_system_m50cyp1ur212_firmwareServer_system_m50cyp2ur208_firmwareServer_system_m50cyp2ur312_firmware
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Timeline
2023-01-01
Published
2023-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.002 · p10
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Intel
Server System D50tnp1mhcpacServer System D50tnp1mhcpac FirmwareServer System D50tnp1mhcracServer System D50tnp1mhcrac FirmwareServer System D50tnp1mhcrlcServer System D50tnp1mhcrlc FirmwareServer System D50tnp2mfalacServer System D50tnp2mfalac FirmwareServer System D50tnp2mhstacServer System D50tnp2mhstac Firmware+10
ProductVendorStatus
server_system_d50tnp1mhcpac_firmware*Tracked
server_system_d50tnp1mhcrac_firmware*Tracked
server_system_d50tnp1mhcrlc_firmware*Tracked
server_system_d50tnp2mfalac_firmware*Tracked
server_system_d50tnp2mhstac_firmware*Tracked
server_system_d50tnp2mhsvac_firmware*Tracked
server_system_m50cyp1ur204_firmware*Tracked
server_system_m50cyp1ur212_firmware*Tracked
server_system_m50cyp2ur208_firmware*Tracked
server_system_m50cyp2ur312_firmware*Tracked
Source databases
CVE