Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-45236 (GCVE-0-2023-45236)
Vulnerability from cvelistv5 – Published: 2024-01-16 16:10 – Updated: 2025-11-04 18:17
VLAI?
EPSS
Title
Predictable TCP ISNs in EDK II Network Package
Summary
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality.
Severity ?
5.8 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Credits
Quarkslab Vulnerability Reports Team
Doug Flick
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:17:41.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
},
{
"url": "https://www.kb.cert.org/vuls/id/132380"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45236",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:43:01.945966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:08:46.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "edk2",
"vendor": "TianoCore",
"versions": [
{
"status": "affected",
"version": "edk2-stable202308"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Quarkslab Vulnerability Reports Team"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Doug Flick"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "EDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."
}
],
"value": "EDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."
}
],
"impacts": [
{
"capecId": "CAPEC-13",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-13 Subverting Environment Variable Values"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T17:06:52.762Z",
"orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"shortName": "TianoCore"
},
"references": [
{
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Predictable TCP ISNs in EDK II Network Package",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"assignerShortName": "TianoCore",
"cveId": "CVE-2023-45236",
"datePublished": "2024-01-16T16:10:38.262Z",
"dateReserved": "2023-10-05T20:48:19.879Z",
"dateUpdated": "2025-11-04T18:17:41.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/16/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240307-0011/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/132380\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T18:17:41.127Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45236\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T15:43:01.945966Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T15:43:03.599Z\"}}], \"cna\": {\"title\": \"Predictable TCP ISNs in EDK II Network Package\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Quarkslab Vulnerability Reports Team\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Doug Flick\"}], \"impacts\": [{\"capecId\": \"CAPEC-13\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-13 Subverting Environment Variable Values\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"TianoCore\", \"product\": \"edk2\", \"versions\": [{\"status\": \"affected\", \"version\": \"edk2-stable202308\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/16/2\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240307-0011/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"EDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This\\n vulnerability can be exploited by an attacker to gain unauthorized \\naccess and potentially lead to a loss of Confidentiality.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"EDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This\\n vulnerability can be exploited by an attacker to gain unauthorized \\naccess and potentially lead to a loss of Confidentiality.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"65518388-201a-4f93-8712-366d21fe8d2c\", \"shortName\": \"TianoCore\", \"dateUpdated\": \"2024-03-07T17:06:52.762Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-45236\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T18:17:41.127Z\", \"dateReserved\": \"2023-10-05T20:48:19.879Z\", \"assignerOrgId\": \"65518388-201a-4f93-8712-366d21fe8d2c\", \"datePublished\": \"2024-01-16T16:10:38.262Z\", \"assignerShortName\": \"TianoCore\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2023-45236
Vulnerability from fkie_nvd - Published: 2024-01-16 16:15 - Updated: 2025-11-04 19:16
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEB3105-57CC-4096-81D3-D58005813C4B",
"versionEndIncluding": "202311",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality."
},
{
"lang": "es",
"value": "EDK2\u0027s Network Package es susceptible a Initial Sequence Number TCP predecible. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad."
}
],
"id": "CVE-2023-45236",
"lastModified": "2025-11-04T19:16:01.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "infosec@edk2.groups.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-16T16:15:12.820",
"references": [
{
"source": "infosec@edk2.groups.io",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
},
{
"source": "infosec@edk2.groups.io",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"source": "infosec@edk2.groups.io",
"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/132380"
}
],
"sourceIdentifier": "infosec@edk2.groups.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "infosec@edk2.groups.io",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-FQC4-FFQ5-4R98
Vulnerability from github – Published: 2024-01-16 18:31 – Updated: 2025-11-04 21:31
VLAI?
Details
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
Severity ?
5.8 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-45236"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-16T16:15:12Z",
"severity": "MODERATE"
},
"details": "EDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
"id": "GHSA-fqc4-ffq5-4r98",
"modified": "2025-11-04T21:31:04Z",
"published": "2024-01-16T18:31:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45236"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240307-0011"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/132380"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
cve-2023-45236
Vulnerability from osv_almalinux
Published
2024-08-13 00:00
Modified
2024-08-21 12:03
Summary
Moderate: edk2 security update
Details
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
- edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236)
- edk2: Use of a Weak PseudoRandom Number Generator (CVE-2023-45237)
- edk2: Temporary DoS vulnerability (CVE-2024-1298)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "edk2-aarch64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20220126gitbb1bba3d77-13.el8_10.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "edk2-ovmf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20220126gitbb1bba3d77-13.el8_10.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. \n\nSecurity Fix(es):\n\n* edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236)\n* edk2: Use of a Weak PseudoRandom Number Generator (CVE-2023-45237)\n* edk2: Temporary DoS vulnerability (CVE-2024-1298)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:5297",
"modified": "2024-08-21T12:03:25Z",
"published": "2024-08-13T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:5297"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-45236"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-45237"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-1298"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258703"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258706"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2284243"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-5297.html"
}
],
"related": [
"CVE-2023-45236",
"CVE-2023-45237",
"CVE-2024-1298"
],
"summary": "Moderate: edk2 security update"
}
cve-2023-45236
Vulnerability from osv_almalinux
Published
2024-07-23 00:00
Modified
2024-07-25 08:35
Summary
Moderate: edk2 security update
Details
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
- EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W (CVE-2022-36765)
- edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236)
- edk2: Use of a Weak PseudoRandom Number Generator (CVE-2023-45237)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "edk2-aarch64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20231122-6.el9_4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "edk2-ovmf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20231122-6.el9_4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "edk2-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20231122-6.el9_4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "edk2-tools-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20231122-6.el9_4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. \n\nSecurity Fix(es):\n\n* EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W (CVE-2022-36765)\n* edk2: Predictable TCP Initial Sequence Numbers (CVE-2023-45236)\n* edk2: Use of a Weak PseudoRandom Number Generator (CVE-2023-45237)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:4749",
"modified": "2024-07-25T08:35:23Z",
"published": "2024-07-23T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:4749"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-36765"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-45236"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-45237"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2257584"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258703"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2258706"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-4749.html"
}
],
"related": [
"CVE-2022-36765",
"CVE-2023-45236",
"CVE-2023-45237"
],
"summary": "Moderate: edk2 security update"
}
CVE-2023-45236
Vulnerability from fstec - Published: 16.01.2024
VLAI Severity ?
Title
Уязвимость компонента TCP Initial Sequence Number Handler библиотеки Tianocore EDK2, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным
Description
Уязвимость компонента TCP Initial Sequence Number Handler библиотеки Tianocore EDK2 связана с переполнением буфера. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить несанкционированный доступ к конфиденциальным данным
Severity ?
Vendor
ООО «Ред Софт», ООО «РусБИТех-Астра», Tianocore
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), edk2
Software Version
7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), до 202311 включительно (edk2)
Possible Mitigations
Использование рекомендаций:
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для ОС Astra Linux:
обновить пакет edk2 до 2024.02-2.astra.se03 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
Reference
https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h
http://www.openwall.com/lists/oss-security/2024/01/16/2l
https://security-tracker.debian.org/tracker/CVE-2023-45236
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
CWE
CWE-200
{
"CVSS 2.0": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Tianocore",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), \u0434\u043e 202311 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (edk2)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 edk2 \u0434\u043e 2024.02-2.astra.se03 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.01.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "02.04.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.01.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-00658",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-45236",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), edk2",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 TCP Initial Sequence Number Handler \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Tianocore EDK2, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 TCP Initial Sequence Number Handler \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Tianocore EDK2 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h\nhttp://www.openwall.com/lists/oss-security/2024/01/16/2l\nhttps://security-tracker.debian.org/tracker/CVE-2023-45236\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}
GSD-2023-45236
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-45236",
"id": "GSD-2023-45236"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-45236"
],
"details": " \nEDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.\n\n\n\n",
"id": "GSD-2023-45236",
"modified": "2023-12-13T01:20:38.007215Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "infosec@edk2.groups.io",
"ID": "CVE-2023-45236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "edk2",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "edk2-stable202308"
}
]
}
}
]
},
"vendor_name": "TianoCore"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Quarkslab Vulnerability Reports Team"
},
{
"lang": "en",
"value": "Doug Flick"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": " \nEDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.\n\n\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-200",
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h",
"refsource": "MISC",
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"name": "http://www.openwall.com/lists/oss-security/2024/01/16/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20240307-0011/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEB3105-57CC-4096-81D3-D58005813C4B",
"versionEndIncluding": "202311",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " \nEDK2\u0027s Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.\n\n\n\n"
},
{
"lang": "es",
"value": "EDK2\u0027s Network Package es susceptible a Initial Sequence Number TCP predecible. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado y potencialmente provocar una p\u00e9rdida de confidencialidad."
}
],
"id": "CVE-2023-45236",
"lastModified": "2024-03-07T17:15:10.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "infosec@edk2.groups.io",
"type": "Secondary"
}
]
},
"published": "2024-01-16T16:15:12.820",
"references": [
{
"source": "infosec@edk2.groups.io",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
},
{
"source": "infosec@edk2.groups.io",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"source": "infosec@edk2.groups.io",
"url": "https://security.netapp.com/advisory/ntap-20240307-0011/"
}
],
"sourceIdentifier": "infosec@edk2.groups.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "infosec@edk2.groups.io",
"type": "Secondary"
}
]
}
}
}
}
CERTFR-2024-AVI-0679
Vulnerability from certfr_avis - Published: 2024-08-14 - Updated: 2024-08-14
De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel ISH software for 11th Generation Intel Core Processor Family versions antérieures à 5.4.1.4479 | ||
| Intel | N/A | Intel ISH software for Intel NUC M15 Laptop Kits LAPBC710 and LAPBC510 versions antérieures à 5.4.1.4479 | ||
| Intel | N/A | Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgLnx software versions antérieures à 5.05.04.0008 | ||
| Intel | N/A | Intel Advisor software versions antérieures à 2024.1 | ||
| Intel | N/A | LAPAC71G and LAPAC71H versions antérieures à 0065 | ||
| Intel | N/A | Intel Trace Analyzer and Collector versions antérieures à 2022.1 | ||
| Intel | N/A | Intel oneAPI Base Toolkits versions antérieures à 2024.1 | ||
| Intel | N/A | Intel(R) Ethernet Controllers E800 Series with NVM image versions 4.4 | ||
| Intel | N/A | Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEditLnx software versions antérieures à 5.27.06.0019 | ||
| Intel | N/A | Intel Quartus Prime Pro Edition Design software versions antérieures à 23.4 | ||
| Intel | N/A | Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEdit-Win software versions antérieures à 5.27.03.0006 | ||
| Intel | N/A | Intel Distribution pour Python pour Windows versions antérieures à 2024.1 | ||
| Intel | N/A | Intel MPI Library versions antérieures à 2021.12 | ||
| Intel | N/A | Intel MAS (GUI) versions antérieures à 2.5.0 | ||
| Intel | N/A | Intel Simics Package Manager software versions antérieures à 1.8.3. | ||
| Intel | N/A | Intel Fortran Compiler versions antérieures à 2024.1 | ||
| Intel | N/A | Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgWin software versions antérieures à 5.05.04.0008 | ||
| Intel | N/A | Intel Agilex FPGA 7 FPGA firmware versions antérieures à 24.1 | ||
| Intel | N/A | Intel NUC X15 Laptop | ||
| Intel | N/A | LAPKC51E, LAPKC71E, LAPKC71F versions antérieures à 0048 | ||
| Intel | N/A | Intel High Level Synthesis Compiler software versions antérieures à 23.4 | ||
| Intel | N/A | Intel FPGA SDK for OpenCL software technology, toutes versions | ||
| Intel | N/A | Intel NUC M15 Laptop Kits: LAPRC710, LAPRC510 | ||
| Intel | N/A | Intel IPP Cryptography software versions antérieures à 2021.11 | ||
| Intel | N/A | Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVLnx software versions antérieures à 5.13.00.2106 | ||
| Intel | N/A | Intel VTune Profiler software versions antérieures à 2024.1 | ||
| Intel | N/A | Intel Ethernet Adapter Complete Driver Pack software versions antérieures à 28.3 | ||
| Intel | N/A | Intel HID Event Filter software versions antérieures à 2.2.2.1 | ||
| Intel | N/A | Intel Connectivity Performance Suite software versions antérieures à 2.0 | ||
| Intel | N/A | Intel NUC X15 Laptop Kits: LAPAC71G, LAPAC71H, LAPKC71F, LAPKC71E, LAPKC51E. | ||
| Intel | N/A | Intel CIP software versions antérieures à 2.4.10717 | ||
| Intel | N/A | Intel oneAPI Base Toolkit versions antérieures à 2024.1 | ||
| Intel | N/A | Intel oneAPI HPC Toolkit versions antérieures à 2024.1.0. | ||
| Intel | N/A | Intel(R) Ethernet Controllers E800 Series avec des versions antérieures à NIC1.3 PV, NVM avec versions d'images avant 3.36 et Intel(R) Ethernet Complete Driver Pack 28.3. | ||
| Intel | N/A | Intel oneAPI DPC++/C++ Compiler versions antérieures à 2024.1. | ||
| Intel | N/A | Flexlm License Daemons for Intel FPGA Software version v11.19.5.0 | ||
| Intel | N/A | Intel Quartus Prime Pro Edition Design Software versions antérieures à 24.1 | ||
| Intel | N/A | Intel ISH software for 12th Generation Intel Core Processor Family versions antérieures à 5.4.2.4594 | ||
| Intel | N/A | Intel NUC M15 Laptop Kits: LAPBC710, LAPBC510, LAPRC710, LAPRC510 | ||
| Intel | N/A | Intel Unite Client Extended Display Plugin software installer, toutes versions | ||
| Intel | N/A | Intel DPC++ C++ Compiler software versions antérieures à 2024.1 | ||
| Intel | N/A | Intel(R) Ethernet Complete Driver Pack versions antérieures à 28.3 | ||
| Intel | N/A | Intel Arc Iris Xe Graphics versions antérieures à 31.0.101.4824 | ||
| Intel | N/A | Intel TDX module software versions 1.5.05.46.698 | ||
| Intel | N/A | Intel Integrated Performance Primitive versions antérieures à 2021.11 | ||
| Intel | N/A | LAPRC510, LAPRC710 versions antérieures à 0066 | ||
| Intel | N/A | Intel Data Center GPU Max Series 1100 et 1550 | ||
| Intel | N/A | Intel oneAPI Base Toolkit software versions antérieures à 2024.1 | ||
| Intel | N/A | Intel Distribution pour GDB software versions antérieures à 2024.0.1 | ||
| Intel | N/A | Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVWin software versions antérieures à 5.13.00.2109 | ||
| Intel | N/A | LAPBC510 and LAPBC710 versions antérieures à 0083 | ||
| Intel | N/A | BMRA software versions antérieures à 22.08 | ||
| Intel | N/A | Intel Graphics Performance Analyzers (Intel GPA) software versions antérieures à 2023.4 | ||
| Intel | N/A | Intel License Manager for FLEXlm product versions antérieures à 11.19.5.0 | ||
| Intel | N/A | VTune Profiler versions antérieures à VTune 2024.1 | ||
| Intel | N/A | Processeurs Intel Xeon Scalable de 4ème et 5ème génération | ||
| Intel | N/A | Intel oneAPI HPC Toolkit versions antérieures à 2024.1 | ||
| Intel | N/A | Intel VROC versions antérieures à 8.6.0.1191 | ||
| Intel | N/A | Intel GPA software versions antérieures à 2024.1 | ||
| Intel | N/A | Intel TDX module software versions antérieures à TDX 1.5.01.00.592 | ||
| Intel | N/A | Intel oneAPI Math Kernel Library versions antérieures à 2024.1 | ||
| Intel | N/A | Intel ISH software for Intel NUC M15 Laptop Kits LAPRC710 and LAPRC510 versions antérieures à 5.4.2.4594 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel ISH software for 11th Generation Intel Core Processor Family versions ant\u00e9rieures \u00e0 5.4.1.4479",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ISH software for Intel NUC M15 Laptop Kits LAPBC710 and LAPBC510 versions ant\u00e9rieures \u00e0 5.4.1.4479",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgLnx software versions ant\u00e9rieures \u00e0 5.05.04.0008",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Advisor software versions ant\u00e9rieures \u00e0 2024.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "LAPAC71G and LAPAC71H versions ant\u00e9rieures \u00e0 0065",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Trace Analyzer and Collector versions ant\u00e9rieures \u00e0 2022.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI Base Toolkits versions ant\u00e9rieures \u00e0 2024.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel(R) Ethernet Controllers E800 Series with NVM image versions 4.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEditLnx software versions ant\u00e9rieures \u00e0 5.27.06.0019",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Quartus Prime Pro Edition Design software versions ant\u00e9rieures \u00e0 23.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iDmiEdit-Win software versions ant\u00e9rieures \u00e0 5.27.03.0006",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Distribution pour Python pour Windows versions ant\u00e9rieures \u00e0 2024.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel MPI Library versions ant\u00e9rieures \u00e0 2021.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel MAS (GUI) versions ant\u00e9rieures \u00e0 2.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Simics Package Manager software versions ant\u00e9rieures \u00e0 1.8.3.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Fortran Compiler versions ant\u00e9rieures \u00e0 2024.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iSetupCfgWin software versions ant\u00e9rieures \u00e0 5.05.04.0008",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Agilex FPGA 7 FPGA firmware versions ant\u00e9rieures \u00e0 24.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC X15 Laptop",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "LAPKC51E, LAPKC71E, LAPKC71F versions ant\u00e9rieures \u00e0 0048",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel High Level Synthesis Compiler software versions ant\u00e9rieures \u00e0 23.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel FPGA SDK for OpenCL software technology, toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC M15 Laptop Kits: LAPRC710, LAPRC510",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel IPP Cryptography software versions ant\u00e9rieures \u00e0 2021.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVLnx software versions ant\u00e9rieures \u00e0 5.13.00.2106",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel VTune Profiler software versions ant\u00e9rieures \u00e0 2024.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Ethernet Adapter Complete Driver Pack software versions ant\u00e9rieures \u00e0 28.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel HID Event Filter software versions ant\u00e9rieures \u00e0 2.2.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Connectivity Performance Suite software versions ant\u00e9rieures \u00e0 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC X15 Laptop Kits: LAPAC71G, LAPAC71H, LAPKC71F, LAPKC71E, LAPKC51E.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CIP software versions ant\u00e9rieures \u00e0 2.4.10717",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI Base Toolkit versions ant\u00e9rieures \u00e0 2024.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI HPC Toolkit versions ant\u00e9rieures \u00e0 2024.1.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel(R) Ethernet Controllers E800 Series avec des versions ant\u00e9rieures \u00e0 NIC1.3 PV, NVM avec versions d\u0027images avant 3.36 et Intel(R) Ethernet Complete Driver Pack 28.3.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI DPC++/C++ Compiler versions ant\u00e9rieures \u00e0 2024.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Flexlm License Daemons for Intel FPGA Software version v11.19.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Quartus Prime Pro Edition Design Software versions ant\u00e9rieures \u00e0 24.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ISH software for 12th Generation Intel Core Processor Family versions ant\u00e9rieures \u00e0 5.4.2.4594",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC M15 Laptop Kits: LAPBC710, LAPBC510, LAPRC710, LAPRC510",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Unite Client Extended Display Plugin software installer, toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel DPC++ C++ Compiler software versions ant\u00e9rieures \u00e0 2024.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel(R) Ethernet Complete Driver Pack versions ant\u00e9rieures \u00e0 28.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Arc Iris Xe Graphics versions ant\u00e9rieures \u00e0 31.0.101.4824",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel TDX module software versions 1.5.05.46.698",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Integrated Performance Primitive versions ant\u00e9rieures \u00e0 2021.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "LAPRC510, LAPRC710 versions ant\u00e9rieures \u00e0 0066",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Data Center GPU Max Series 1100 et 1550",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI Base Toolkit software versions ant\u00e9rieures \u00e0 2024.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Distribution pour GDB software versions ant\u00e9rieures \u00e0 2024.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Aptio V UEFI Firmware Integrator Tools for Intel NUC iFlashVWin software versions ant\u00e9rieures \u00e0 5.13.00.2109",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "LAPBC510 and LAPBC710 versions ant\u00e9rieures \u00e0 0083",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "BMRA software versions ant\u00e9rieures \u00e0 22.08",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Graphics Performance Analyzers (Intel GPA) software versions ant\u00e9rieures \u00e0 2023.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel License Manager for FLEXlm product versions ant\u00e9rieures \u00e0 11.19.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "VTune Profiler versions ant\u00e9rieures \u00e0 VTune 2024.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeurs Intel Xeon Scalable de 4\u00e8me et 5\u00e8me g\u00e9n\u00e9ration",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI HPC Toolkit versions ant\u00e9rieures \u00e0 2024.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel VROC versions ant\u00e9rieures \u00e0 8.6.0.1191",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel GPA software versions ant\u00e9rieures \u00e0 2024.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel TDX module software versions ant\u00e9rieures \u00e0 TDX 1.5.01.00.592",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI Math Kernel Library versions ant\u00e9rieures \u00e0 2024.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ISH software for Intel NUC M15 Laptop Kits LAPRC710 and LAPRC510 versions ant\u00e9rieures \u00e0 5.4.2.4594",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-23495",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23495"
},
{
"name": "CVE-2024-21801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21801"
},
{
"name": "CVE-2024-21844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21844"
},
{
"name": "CVE-2024-23497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23497"
},
{
"name": "CVE-2023-45230",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45230"
},
{
"name": "CVE-2024-21784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21784"
},
{
"name": "CVE-2022-36763",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36763"
},
{
"name": "CVE-2023-39539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39539"
},
{
"name": "CVE-2024-21857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21857"
},
{
"name": "CVE-2024-24980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24980"
},
{
"name": "CVE-2024-21787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21787"
},
{
"name": "CVE-2024-26027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26027"
},
{
"name": "CVE-2024-27461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27461"
},
{
"name": "CVE-2023-34424",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34424"
},
{
"name": "CVE-2023-38655",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38655"
},
{
"name": "CVE-2024-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23491"
},
{
"name": "CVE-2024-23499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23499"
},
{
"name": "CVE-2023-45229",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45229"
},
{
"name": "CVE-2023-45234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45234"
},
{
"name": "CVE-2023-45236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45236"
},
{
"name": "CVE-2024-24983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24983"
},
{
"name": "CVE-2024-28947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28947"
},
{
"name": "CVE-2024-28887",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28887"
},
{
"name": "CVE-2024-25939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25939"
},
{
"name": "CVE-2024-29015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29015"
},
{
"name": "CVE-2024-25576",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25576"
},
{
"name": "CVE-2024-21769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21769"
},
{
"name": "CVE-2024-24986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24986"
},
{
"name": "CVE-2024-28046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28046"
},
{
"name": "CVE-2023-35061",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35061"
},
{
"name": "CVE-2024-34163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34163"
},
{
"name": "CVE-2024-24973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24973"
},
{
"name": "CVE-2024-26025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26025"
},
{
"name": "CVE-2023-45231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45231"
},
{
"name": "CVE-2022-29871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29871"
},
{
"name": "CVE-2023-43747",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43747"
},
{
"name": "CVE-2023-45237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45237"
},
{
"name": "CVE-2023-40067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40067"
},
{
"name": "CVE-2024-28050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28050"
},
{
"name": "CVE-2024-21810",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21810"
},
{
"name": "CVE-2023-49141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49141"
},
{
"name": "CVE-2023-45233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45233"
},
{
"name": "CVE-2023-45232",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45232"
},
{
"name": "CVE-2024-25562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25562"
},
{
"name": "CVE-2024-23907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23907"
},
{
"name": "CVE-2024-23908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23908"
},
{
"name": "CVE-2024-21807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21807"
},
{
"name": "CVE-2023-35123",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35123"
},
{
"name": "CVE-2024-24977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24977"
},
{
"name": "CVE-2024-21806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21806"
},
{
"name": "CVE-2024-24580",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24580"
},
{
"name": "CVE-2024-22184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22184"
},
{
"name": "CVE-2024-23909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23909"
},
{
"name": "CVE-2023-49144",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49144"
},
{
"name": "CVE-2023-48361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48361"
},
{
"name": "CVE-2024-39283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39283"
},
{
"name": "CVE-2024-23489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23489"
},
{
"name": "CVE-2023-43489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43489"
},
{
"name": "CVE-2024-25561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25561"
},
{
"name": "CVE-2024-22374",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22374"
},
{
"name": "CVE-2023-42667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42667"
},
{
"name": "CVE-2024-21766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21766"
},
{
"name": "CVE-2024-23974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23974"
},
{
"name": "CVE-2024-26022",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26022"
},
{
"name": "CVE-2024-28172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28172"
},
{
"name": "CVE-2024-28876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28876"
},
{
"name": "CVE-2024-24853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24853"
},
{
"name": "CVE-2023-45235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45235"
},
{
"name": "CVE-2024-22378",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22378"
},
{
"name": "CVE-2024-23981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23981"
},
{
"name": "CVE-2024-28953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28953"
},
{
"name": "CVE-2024-22376",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22376"
}
],
"initial_release_date": "2024-08-14T00:00:00",
"last_revision_date": "2024-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0679",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01102",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01102.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01172",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01172.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01116",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01116.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01129",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00790",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00790.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01070",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01070.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01106",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01106.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01089",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01089.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01121",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01121.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01038",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01113",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01113.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01057",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01057.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01046",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01088",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01088.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01122",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01122.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01164",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01164.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01130",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01130.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01107",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01107.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01127",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01127.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01112",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01112.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01075",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01095",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01095.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01115",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01115.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01010",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01010.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01126",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01126.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01128",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01128.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01087",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01087.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01114",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01114.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01094",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01094.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00999",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01083",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01022",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01022.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01117",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01117.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01073",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01073.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00918",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01105",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01105.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01078",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01078.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01125",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01125.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01072",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01072.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01104",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01104.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01100",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01118",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-01110",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01110.html"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…