Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-27391 (GCVE-0-2023-27391)
Vulnerability from cvelistv5 – Published: 2023-08-11 02:37 – Updated: 2024-10-15 15:08
VLAI?
EPSS
Summary
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
CWE
- escalation of privilege
- CWE-284 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) oneAPI Toolkit and component software installers |
Affected:
before version 4.3.1.493
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html",
"tags": [
"x_transferred"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T15:08:31.237109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T15:08:54.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) oneAPI Toolkit and component software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 4.3.1.493"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T02:37:17.469Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-27391",
"datePublished": "2023-08-11T02:37:17.469Z",
"dateReserved": "2023-04-07T03:00:04.388Z",
"dateUpdated": "2024-10-15T15:08:54.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html\", \"name\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:09:43.368Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-27391\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-15T15:08:31.237109Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-15T15:08:51.711Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Intel(R) oneAPI Toolkit and component software installers\", \"versions\": [{\"status\": \"affected\", \"version\": \"before version 4.3.1.493\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html\", \"name\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"escalation of privilege\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"Improper access control\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2023-08-11T02:37:17.469Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-27391\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-15T15:08:54.960Z\", \"dateReserved\": \"2023-04-07T03:00:04.388Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2023-08-11T02:37:17.469Z\", \"assignerShortName\": \"intel\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2023-AVI-0640
Vulnerability from certfr_avis - Published: 2023-08-09 - Updated: 2023-08-09
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Intel SSD Tools software versions antérieures à mdadm-4.2-rc2
- Intel BIOS PCSD BIOS versions antérieures à 02.01.0013
- Intel logiciel PROSet/Wireless WiFi versions antérieures à 22.200
- Intel Converged Security Management Engine (CSME) sans les correctifs de sécurité du 08 août 2023
- Intel Active Management Technology (AMT) sans les correctifs de sécurité du 08 août 2023
- Intel Standard Manageability software sans les correctifs de sécurité du 08 août 2023
- Pilote RDMA des Contrôleurs Ethernet Intel pour linux versions antérieures à 1.9.30
- Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11ème à 13ème générations) versions antérieures à 19.5.2.1049.5
- Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10ème et 11ème générations) versions antérieures à 18.7.6.1010.3
- Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8ème et 9ème générations) versions antérieures à 17.11.3.1010.2
- Interface utilisateur Intel RST et pilotes versions antérieures à 16.8.5.1014.5
- Suite de logiciels Intel Quartus Prime Pro pour Linux before versions antérieures à 22.4
- Suite de logiciels Intel Quartus Prime Standard pour Linux versions antérieures à 22.1STD
- Cartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et décembre 2022
- Séries de processeurs Intel Atom, Xeon, Core de 7ème à 11ème générations, Celeron, Pentium et Core séries X sans les correctifs de sécurité du 08 août 2023
- Logiciel d'exécution Intel oneVPL GPU versions antérieures à 22.6.5
- Client Intel Unite pour Mac versions antérieures à 4.2.11
- Ensemble de logiciels Intel Unite pour Windows versions antérieures à 4.2.34962
- Séries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de sécurité du 08 août 2023
- Pilotes infrarouge ITE Tech consumer pour terminaux NUC versions antérieures à 5.5.2.1
- System Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.
- Utilitaire de mise à jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems basé sur les jeux de puces 621A
- Séries de contrôleurs Ethernet et adaptateurs E810 (Columbiaville) versions antérieures à 1.7.2.4
- Logiciel Intel Optimization for TensorFlow versions antérieures à 2.12
- Distribution Intel des outils OpenVINO versions antérieures à 2022.3.0
- Outils Intel VCUST téléchargés avant le 03 février 2023 sans le correctif de sécurité du 08 août 2023
- logiciel Intel VROC versions antérieures à 8.0.0.4035
- Logiciel d'installation d'Intel Advanced Link Analyzer Standard Edition versions antérieures à 22.1.1
- Logiciel d'installation Intel ISPC software pour Windows versions antérieures à 1.19.0
- Logiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions antérieures à 22.4
- Logiciel Intel Easy Streaming Wizard toutes versions [1]
- Application Android Intel Support versions antérieures à v23.02.07
- Suite logicielle Intel NUC Pro pour Windows versions antérieures à 2.0.0.9
- Logiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions antérieures à 22.220 HF
- Logiciel Intel oneMKL versions antérieures à 2022.0
- Logiciel Intel DTT versions antérieures à 8.7.10801.25109
- Logiciel Intel AI Hackathon versions antérieures à 2.0.0
- Logiciel Intel DSA versions antérieures à 23.1.9
- Bibliothèque Hyperscan maintenue par Intel versions antérieures à 5.4.1
- Outils Intel oneAPI versions antérieures à 2023.1.0
- BIOS de cartes mères de terminaux NUC sans les correctifs de sécurité du 08 août 2023
- Logiciel Intel Manageability Commander versions antérieures à 2.3
- Logiciel Intel Unison versions antérieures à 10.12
- Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Microsoft versions antérieures à 3.0
- Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Linux versions antérieures à 1.13.4
- Logiciel Intel SDP Tool versions antérieures à 1.4 build 5
- Outils de développement Intel PSR versions antérieures à 1.0.0.20
- Logiciel Intel RealSense ID pour Intel RealSense 450 FA versions antérieures à 0.25
- Application Android Intel Unite versions antérieures à 4.2.3504
- Logiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]
- Logiciel Intel ITS versions antérieures à 3.1
- Outils de développement Intel RealSense versions antérieures à 2.53.1
[1] : L'éditeur indique que le logiciel Intel Easy Streaming Wizard n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible
[2] : L'éditeur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible
Impacted products
| Vendor | Product | Description |
|---|
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eIntel SSD Tools software versions ant\u00e9rieures \u00e0 mdadm-4.2-rc2\u003c/li\u003e \u003cli\u003eIntel BIOS PCSD BIOS versions ant\u00e9rieures \u00e0 02.01.0013\u003c/li\u003e \u003cli\u003eIntel logiciel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 22.200\u003c/li\u003e \u003cli\u003eIntel Converged Security Management Engine (CSME) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Active Management Technology (AMT) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Standard Manageability software sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilote RDMA des Contr\u00f4leurs Ethernet Intel pour linux versions ant\u00e9rieures \u00e0 1.9.30\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11\u00e8me \u00e0 13\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 19.5.2.1049.5\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10\u00e8me et 11\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 18.7.6.1010.3\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8\u00e8me et 9\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 17.11.3.1010.2\u003c/li\u003e \u003cli\u003eInterface utilisateur Intel RST et pilotes versions ant\u00e9rieures \u00e0 16.8.5.1014.5\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Pro pour Linux before versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Standard pour Linux versions ant\u00e9rieures \u00e0 22.1STD\u003c/li\u003e \u003cli\u003eCartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et d\u00e9cembre 2022\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core de 7\u00e8me \u00e0 11\u00e8me g\u00e9n\u00e9rations, Celeron, Pentium et Core s\u00e9ries X sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel d\u0027ex\u00e9cution Intel oneVPL GPU versions ant\u00e9rieures \u00e0 22.6.5\u003c/li\u003e \u003cli\u003eClient Intel Unite pour Mac versions ant\u00e9rieures \u00e0 4.2.11\u003c/li\u003e \u003cli\u003eEnsemble de logiciels Intel Unite pour Windows versions ant\u00e9rieures \u00e0 4.2.34962\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilotes infrarouge ITE Tech consumer pour terminaux NUC versions ant\u00e9rieures \u00e0 5.5.2.1\u003c/li\u003e \u003cli\u003eSystem Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.\u003c/li\u003e \u003cli\u003eUtilitaire de mise \u00e0 jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems bas\u00e9 sur les jeux de puces 621A\u003c/li\u003e \u003cli\u003eS\u00e9ries de contr\u00f4leurs Ethernet et adaptateurs E810 (Columbiaville) versions ant\u00e9rieures \u00e0 1.7.2.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Optimization for TensorFlow versions ant\u00e9rieures \u00e0 2.12\u003c/li\u003e \u003cli\u003eDistribution Intel des outils OpenVINO versions ant\u00e9rieures \u00e0 2022.3.0\u003c/li\u003e \u003cli\u003eOutils Intel VCUST t\u00e9l\u00e9charg\u00e9s avant le 03 f\u00e9vrier 2023 sans le correctif de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003elogiciel Intel VROC versions ant\u00e9rieures \u00e0 8.0.0.4035\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation d\u0027Intel Advanced Link Analyzer Standard Edition versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation Intel ISPC software pour Windows versions ant\u00e9rieures \u00e0 1.19.0\u003c/li\u003e \u003cli\u003eLogiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Easy Streaming Wizard toutes versions [1]\u003c/li\u003e \u003cli\u003eApplication Android Intel Support versions ant\u00e9rieures \u00e0 v23.02.07\u003c/li\u003e \u003cli\u003eSuite logicielle Intel NUC Pro pour Windows versions ant\u00e9rieures \u00e0 2.0.0.9\u003c/li\u003e \u003cli\u003eLogiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions ant\u00e9rieures \u00e0 22.220 HF\u003c/li\u003e \u003cli\u003eLogiciel Intel oneMKL versions ant\u00e9rieures \u00e0 2022.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DTT versions ant\u00e9rieures \u00e0 8.7.10801.25109\u003c/li\u003e \u003cli\u003eLogiciel Intel AI Hackathon versions ant\u00e9rieures \u00e0 2.0.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DSA versions ant\u00e9rieures \u00e0 23.1.9\u003c/li\u003e \u003cli\u003eBiblioth\u00e8que Hyperscan maintenue par Intel versions ant\u00e9rieures \u00e0 5.4.1\u003c/li\u003e \u003cli\u003eOutils Intel oneAPI versions ant\u00e9rieures \u00e0 2023.1.0\u003c/li\u003e \u003cli\u003eBIOS de cartes m\u00e8res de terminaux NUC sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel Intel Manageability Commander versions ant\u00e9rieures \u00e0 2.3\u003c/li\u003e \u003cli\u003eLogiciel Intel Unison versions ant\u00e9rieures \u00e0 10.12\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Microsoft versions ant\u00e9rieures \u00e0 3.0\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Linux versions ant\u00e9rieures \u00e0 1.13.4\u003c/li\u003e \u003cli\u003eLogiciel Intel SDP Tool versions ant\u00e9rieures \u00e0 1.4 build 5\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel PSR versions ant\u00e9rieures \u00e0 1.0.0.20\u003c/li\u003e \u003cli\u003eLogiciel Intel RealSense ID pour Intel RealSense 450 FA versions ant\u00e9rieures \u00e0 0.25\u003c/li\u003e \u003cli\u003eApplication Android Intel Unite versions ant\u00e9rieures \u00e0 4.2.3504\u003c/li\u003e \u003cli\u003eLogiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]\u003c/li\u003e \u003cli\u003eLogiciel Intel ITS versions ant\u00e9rieures \u00e0 3.1\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel RealSense versions ant\u00e9rieures \u00e0 2.53.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e[1] :\u00a0L\u0027\u00e9diteur indique que le logiciel Intel Easy Streaming Wizard n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e \u003cp\u003e[2] :\u00a0L\u0027\u00e9diteur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-32617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32617"
},
{
"name": "CVE-2023-27509",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27509"
},
{
"name": "CVE-2023-31246",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31246"
},
{
"name": "CVE-2023-23577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23577"
},
{
"name": "CVE-2022-44611",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44611"
},
{
"name": "CVE-2023-28736",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28736"
},
{
"name": "CVE-2023-29243",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29243"
},
{
"name": "CVE-2023-34086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34086"
},
{
"name": "CVE-2023-27392",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27392"
},
{
"name": "CVE-2023-24016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24016"
},
{
"name": "CVE-2022-27635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27635"
},
{
"name": "CVE-2023-28823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28823"
},
{
"name": "CVE-2023-22356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22356"
},
{
"name": "CVE-2023-27506",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27506"
},
{
"name": "CVE-2023-32547",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32547"
},
{
"name": "CVE-2022-36372",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36372"
},
{
"name": "CVE-2023-25773",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25773"
},
{
"name": "CVE-2023-28658",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28658"
},
{
"name": "CVE-2022-37343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37343"
},
{
"name": "CVE-2022-36392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36392"
},
{
"name": "CVE-2023-27515",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27515"
},
{
"name": "CVE-2022-38076",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38076"
},
{
"name": "CVE-2023-27391",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27391"
},
{
"name": "CVE-2022-37336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37336"
},
{
"name": "CVE-2023-28385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28385"
},
{
"name": "CVE-2023-25944",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25944"
},
{
"name": "CVE-2023-29500",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29500"
},
{
"name": "CVE-2023-22841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22841"
},
{
"name": "CVE-2022-38102",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38102"
},
{
"name": "CVE-2023-22444",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22444"
},
{
"name": "CVE-2023-32609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32609"
},
{
"name": "CVE-2023-28938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28938"
},
{
"name": "CVE-2023-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28711"
},
{
"name": "CVE-2023-28714",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28714"
},
{
"name": "CVE-2023-22276",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22276"
},
{
"name": "CVE-2023-33867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33867"
},
{
"name": "CVE-2022-29871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29871"
},
{
"name": "CVE-2022-40982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
},
{
"name": "CVE-2022-29887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29887"
},
{
"name": "CVE-2023-32656",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32656"
},
{
"name": "CVE-2023-22449",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22449"
},
{
"name": "CVE-2023-25757",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25757"
},
{
"name": "CVE-2023-25182",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25182"
},
{
"name": "CVE-2022-29470",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29470"
},
{
"name": "CVE-2023-29494",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29494"
},
{
"name": "CVE-2023-28380",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28380"
},
{
"name": "CVE-2022-41984",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41984"
},
{
"name": "CVE-2023-22840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22840"
},
{
"name": "CVE-2022-40964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40964"
},
{
"name": "CVE-2023-34355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34355"
},
{
"name": "CVE-2022-38973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38973"
},
{
"name": "CVE-2022-34657",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34657"
},
{
"name": "CVE-2023-29151",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29151"
},
{
"name": "CVE-2022-43505",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43505"
},
{
"name": "CVE-2022-36351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36351"
},
{
"name": "CVE-2023-34438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34438"
},
{
"name": "CVE-2023-28405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28405"
},
{
"name": "CVE-2023-34427",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34427"
},
{
"name": "CVE-2023-32663",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32663"
},
{
"name": "CVE-2022-41804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41804"
},
{
"name": "CVE-2022-45112",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45112"
},
{
"name": "CVE-2023-27505",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27505"
},
{
"name": "CVE-2023-33877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33877"
},
{
"name": "CVE-2023-22330",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22330"
},
{
"name": "CVE-2023-27887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27887"
},
{
"name": "CVE-2022-43456",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43456"
},
{
"name": "CVE-2023-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32285"
},
{
"name": "CVE-2022-46329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
},
{
"name": "CVE-2023-32543",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32543"
},
{
"name": "CVE-2023-34349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34349"
},
{
"name": "CVE-2023-22338",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22338"
},
{
"name": "CVE-2023-26587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26587"
},
{
"name": "CVE-2023-30760",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30760"
},
{
"name": "CVE-2022-44612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44612"
},
{
"name": "CVE-2023-25775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
},
{
"name": "CVE-2022-27879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27879"
},
{
"name": "CVE-2022-25864",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25864"
},
{
"name": "CVE-2023-23908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23908"
},
{
"name": "CVE-2022-38083",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38083"
}
],
"initial_release_date": "2023-08-09T00:00:00",
"last_revision_date": "2023-08-09T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0640",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00846 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00846.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00844 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00844.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00897 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00893 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00899 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00899.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00828 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00813 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00912 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00859 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00859.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00932 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00932.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00812 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00892 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00934 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00934.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00795 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00938 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00938.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00826 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00862 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00862.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00818 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00836 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00840 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00873 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00873.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00742 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00742.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00794 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00766 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00879 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00905 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00905.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00837 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00783 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00830 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00830.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00842 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00842.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00877 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00877.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00848 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00829 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00917 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00946 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00946.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00800 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00800.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00890 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00850 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00849 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00849.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00868 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00868.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00878 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00878.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00907 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00907.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00690 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00875 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00875.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00872 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00872.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00835 du 08 ao\u00fbt 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html"
}
]
}
GSD-2023-27391
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-27391",
"id": "GSD-2023-27391"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-27391"
],
"details": "Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GSD-2023-27391",
"modified": "2023-12-13T01:20:56.018055Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2023-27391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) oneAPI Toolkit and component software installers",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "before version 4.3.1.493"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege"
},
{
"cweId": "CWE-284",
"lang": "eng",
"value": "Improper access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html",
"refsource": "MISC",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:open_image_denoise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.4.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:advisor_for_oneapi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:cpu_runtime_for_opencl_applications:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:distribution_for_python_programming_language:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:dpc\\+\\+_compatibility_tool:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:embree_ray_tracing_kernel_library:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:fortran_compiler:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:implicit_spmd_program_compiler:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.19.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:inspector_for_oneapi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:integrated_performance_primitives:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:ipp_cryptography:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_data_analytics_library:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_deep_neural_network_library:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_dpc\\+\\+\\/c\\+\\+_compiler:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_dpc\\+\\+_library_\\(onedpl\\):*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_hpc_toolkit:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_iot_toolkit:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_math_kernel_library:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_rendering_toolkit:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_threading_building_blocks:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.3.1.493",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:oneapi_video_processing_library:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:open_volume_kernel_library:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:ospray:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:ospray_studio:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:trace_analyzer_and_collector:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:intel:vtune_profiler_for_oneapi:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2023.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2023-27391"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-08-17T17:47Z",
"publishedDate": "2023-08-11T03:15Z"
}
}
}
GHSA-VCWV-3M76-7VFQ
Vulnerability from github – Published: 2023-08-11 03:30 – Updated: 2024-04-04 06:50
VLAI?
Details
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-27391"
],
"database_specific": {
"cwe_ids": [
"CWE-284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-11T03:15:21Z",
"severity": "MODERATE"
},
"details": "Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GHSA-vcwv-3m76-7vfq",
"modified": "2024-04-04T06:50:59Z",
"published": "2023-08-11T03:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27391"
},
{
"type": "WEB",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2023-27391
Vulnerability from fkie_nvd - Published: 2023-08-11 03:15 - Updated: 2024-11-21 07:52
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | advisor_for_oneapi | * | |
| intel | cpu_runtime_for_opencl_applications | * | |
| intel | distribution_for_python_programming_language | * | |
| intel | dpc\+\+_compatibility_tool | * | |
| intel | embree_ray_tracing_kernel_library | * | |
| intel | fortran_compiler | * | |
| intel | implicit_spmd_program_compiler | * | |
| intel | inspector_for_oneapi | * | |
| intel | integrated_performance_primitives | * | |
| intel | ipp_cryptography | * | |
| intel | mpi_library | * | |
| intel | oneapi_base_toolkit | * | |
| intel | oneapi_data_analytics_library | * | |
| intel | oneapi_deep_neural_network_library | * | |
| intel | oneapi_dpc\+\+\/c\+\+_compiler | * | |
| intel | oneapi_dpc\+\+_library_\(onedpl\) | * | |
| intel | oneapi_hpc_toolkit | * | |
| intel | oneapi_iot_toolkit | * | |
| intel | oneapi_math_kernel_library | * | |
| intel | oneapi_rendering_toolkit | * | |
| intel | oneapi_threading_building_blocks | * | |
| intel | oneapi_toolkit_and_component_software_installer | * | |
| intel | oneapi_video_processing_library | * | |
| intel | open_image_denoise | * | |
| intel | open_volume_kernel_library | * | |
| intel | ospray | * | |
| intel | ospray_studio | * | |
| intel | trace_analyzer_and_collector | * | |
| intel | vtune_profiler_for_oneapi | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:advisor_for_oneapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2193AD3C-C7CF-47BC-B9C7-043A44263881",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:cpu_runtime_for_opencl_applications:*:*:*:*:*:*:*:*",
"matchCriteriaId": "268A0E9F-941F-4D2A-821D-4D1032458484",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:distribution_for_python_programming_language:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01C06498-09B0-434E-A9AB-F90225AEDF94",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:dpc\\+\\+_compatibility_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5449D057-151E-49F1-A4F3-9B59BCABAAED",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:embree_ray_tracing_kernel_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA34171F-6851-4C68-B9DD-E087DA9CD29D",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:fortran_compiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6F5C5E-9330-4957-899F-EA81A7829FCE",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:implicit_spmd_program_compiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "309CC033-7419-45B0-B57E-EDB855D6ED8D",
"versionEndExcluding": "1.19.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:inspector_for_oneapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EFA075-DD70-416E-9591-827FAC2AD89F",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:integrated_performance_primitives:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD85FB58-421A-4959-97BD-437D9445767B",
"versionEndExcluding": "2021.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:ipp_cryptography:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A27AABCE-03AA-4A04-8950-A7B3AA41829C",
"versionEndExcluding": "2021.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09DEC669-B8A6-4E41-B34C-F6D2F710D96F",
"versionEndExcluding": "2021.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B0E003-2303-4BAA-AAB5-E41672DD36A8",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_data_analytics_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4E3234-E4F4-4A1A-92C8-7A71741A2280",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_deep_neural_network_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8E84AA-7C56-4F06-9CBD-0F8265EA164B",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_dpc\\+\\+\\/c\\+\\+_compiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86839DB5-6A37-456F-8527-E1D6CFF9592D",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_dpc\\+\\+_library_\\(onedpl\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F404777-A45E-4D04-A459-20440919DA6F",
"versionEndExcluding": "2022.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_hpc_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "140E6A32-DD35-4BD9-8810-26359D76FEB7",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_iot_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F00829C-D33E-4BF6-A699-16C4E7A9E95B",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_math_kernel_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D429AB0-77B9-4F05-B59B-95DFC3DF9D4F",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_rendering_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7297C4CE-B6AB-4BBA-89DE-CA0865F8CCBB",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_threading_building_blocks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72297C84-0B91-4D8E-A87F-235E3DC346E1",
"versionEndExcluding": "2021.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF1F97-F77D-496F-97F4-E2A706B6AB33",
"versionEndExcluding": "4.3.1.493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_video_processing_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CF5D27-1C7C-4FDF-B3A0-4EE4047195C6",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:open_image_denoise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B820BD-07FB-48AC-B3E4-F3DCAB991C9B",
"versionEndExcluding": "1.4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:open_volume_kernel_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0158081D-D9FD-4918-ADCF-70AB92230B99",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:ospray:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D02EF185-A6E6-4820-A084-60AD061283A7",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:ospray_studio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB7158BB-56CF-40BA-85CF-0B622CC49617",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:trace_analyzer_and_collector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F034E3C1-6FA9-4F75-80AE-98857F323AA2",
"versionEndExcluding": "2021.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:vtune_profiler_for_oneapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21CFEA3C-4017-44FB-9A25-193FE8D65375",
"versionEndExcluding": "2023.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"id": "CVE-2023-27391",
"lastModified": "2024-11-21T07:52:48.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-11T03:15:21.893",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@intel.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…