Vulnerability-Lookup

CVE-2023-28711 (GCVE-0-2023-28711)

Vulnerability from cvelistv5 – Published: 2023-08-11 02:37 – Updated: 2024-10-02 13:24

Summary

Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

denial of service
CWE-691 - Insufficient control flow management

Assigner

intel

References

URL

Tags

http://www.intel.com/content/www/us/en/security-c…

Impacted products

	Vendor	Product	Version
	n/a	Hyperscan Library maintained by Intel(R)	Affected: before version 5.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:43:23.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html",
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28711",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T13:18:00.167212Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T13:24:53.495Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Hyperscan Library maintained by Intel(R)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 5.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en"
            },
            {
              "cweId": "CWE-691",
              "description": "Insufficient control flow management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-11T02:37:16.933Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html",
          "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-28711",
    "datePublished": "2023-08-11T02:37:16.933Z",
    "dateReserved": "2023-04-01T03:00:04.518Z",
    "dateUpdated": "2024-10-02T13:24:53.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-28711\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2023-08-11T03:15:25.803\",\"lastModified\":\"2024-11-21T07:55:51.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-691\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-670\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:hyperscan_library:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.4.1\",\"matchCriteriaId\":\"E7DE8624-1CD2-47D5-8C9C-B7210DECA489\"}]}]}],\"references\":[{\"url\":\"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html\", \"name\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T13:43:23.670Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28711\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-02T13:18:00.167212Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-02T13:24:49.309Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Hyperscan Library maintained by Intel(R)\", \"versions\": [{\"status\": \"affected\", \"version\": \"before version 5.4.1\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html\", \"name\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"denial of service\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-691\", \"description\": \"Insufficient control flow management\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2023-08-11T02:37:16.933Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-28711\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-02T13:24:53.495Z\", \"dateReserved\": \"2023-04-01T03:00:04.518Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2023-08-11T02:37:16.933Z\", \"assignerShortName\": \"intel\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-95CH-MQCF-W529

Vulnerability from github – Published: 2023-08-11 03:30 – Updated: 2024-04-04 06:51

Details

Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-28711"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670",
      "CWE-691"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-11T03:15:25Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.",
  "id": "GHSA-95ch-mqcf-w529",
  "modified": "2024-04-04T06:51:19Z",
  "published": "2023-08-11T03:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28711"
    },
    {
      "type": "WEB",
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2023-AVI-0640

Vulnerability from certfr_avis - Published: 2023-08-09 - Updated: 2023-08-09

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Intel SSD Tools software versions antérieures à mdadm-4.2-rc2
Intel BIOS PCSD BIOS versions antérieures à 02.01.0013
Intel logiciel PROSet/Wireless WiFi versions antérieures à 22.200
Intel Converged Security Management Engine (CSME) sans les correctifs de sécurité du 08 août 2023
Intel Active Management Technology (AMT) sans les correctifs de sécurité du 08 août 2023
Intel Standard Manageability software sans les correctifs de sécurité du 08 août 2023
Pilote RDMA des Contrôleurs Ethernet Intel pour linux versions antérieures à 1.9.30
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11ème à 13ème générations) versions antérieures à 19.5.2.1049.5
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10ème et 11ème générations) versions antérieures à 18.7.6.1010.3
Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8ème et 9ème générations) versions antérieures à 17.11.3.1010.2
Interface utilisateur Intel RST et pilotes versions antérieures à 16.8.5.1014.5
Suite de logiciels Intel Quartus Prime Pro pour Linux before versions antérieures à 22.4
Suite de logiciels Intel Quartus Prime Standard pour Linux versions antérieures à 22.1STD
Cartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et décembre 2022
Séries de processeurs Intel Atom, Xeon, Core de 7ème à 11ème générations, Celeron, Pentium et Core séries X sans les correctifs de sécurité du 08 août 2023
Logiciel d'exécution Intel oneVPL GPU versions antérieures à 22.6.5
Client Intel Unite pour Mac versions antérieures à 4.2.11
Ensemble de logiciels Intel Unite pour Windows versions antérieures à 4.2.34962
Séries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de sécurité du 08 août 2023
Pilotes infrarouge ITE Tech consumer pour terminaux NUC versions antérieures à 5.5.2.1
System Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.
Utilitaire de mise à jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems basé sur les jeux de puces 621A
Séries de contrôleurs Ethernet et adaptateurs E810 (Columbiaville) versions antérieures à 1.7.2.4
Logiciel Intel Optimization for TensorFlow versions antérieures à 2.12
Distribution Intel des outils OpenVINO versions antérieures à 2022.3.0
Outils Intel VCUST téléchargés avant le 03 février 2023 sans le correctif de sécurité du 08 août 2023
logiciel Intel VROC versions antérieures à 8.0.0.4035
Logiciel d'installation d'Intel Advanced Link Analyzer Standard Edition versions antérieures à 22.1.1
Logiciel d'installation Intel ISPC software pour Windows versions antérieures à 1.19.0
Logiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions antérieures à 22.4
Logiciel Intel Easy Streaming Wizard toutes versions [1]
Application Android Intel Support versions antérieures à v23.02.07
Suite logicielle Intel NUC Pro pour Windows versions antérieures à 2.0.0.9
Logiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions antérieures à 22.220 HF
Logiciel Intel oneMKL versions antérieures à 2022.0
Logiciel Intel DTT versions antérieures à 8.7.10801.25109
Logiciel Intel AI Hackathon versions antérieures à 2.0.0
Logiciel Intel DSA versions antérieures à 23.1.9
Bibliothèque Hyperscan maintenue par Intel versions antérieures à 5.4.1
Outils Intel oneAPI versions antérieures à 2023.1.0
BIOS de cartes mères de terminaux NUC sans les correctifs de sécurité du 08 août 2023
Logiciel Intel Manageability Commander versions antérieures à 2.3
Logiciel Intel Unison versions antérieures à 10.12
Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Microsoft versions antérieures à 3.0
Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Linux versions antérieures à 1.13.4
Logiciel Intel SDP Tool versions antérieures à 1.4 build 5
Outils de développement Intel PSR versions antérieures à 1.0.0.20
Logiciel Intel RealSense ID pour Intel RealSense 450 FA versions antérieures à 0.25
Application Android Intel Unite versions antérieures à 4.2.3504
Logiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]
Logiciel Intel ITS versions antérieures à 3.1
Outils de développement Intel RealSense versions antérieures à 2.53.1

[1] : L'éditeur indique que le logiciel Intel Easy Streaming Wizard n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible

[2] : L'éditeur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00846 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00844 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00897 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00893 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00899 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00828 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00813 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00912 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00859 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00932 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00812 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00892 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00934 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00795 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00938 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00826 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00862 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00818 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00836 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00840 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00873 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00742 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00794 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00766 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00879 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00905 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00837 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00783 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00830 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00842 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00877 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00848 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00829 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00917 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00946 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00800 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00890 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00850 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00849 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00868 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00878 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00907 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00690 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00875 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00872 du 08 août 2023	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00835 du 08 août 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eIntel SSD Tools software versions ant\u00e9rieures \u00e0 mdadm-4.2-rc2\u003c/li\u003e \u003cli\u003eIntel BIOS PCSD BIOS versions ant\u00e9rieures \u00e0 02.01.0013\u003c/li\u003e \u003cli\u003eIntel logiciel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 22.200\u003c/li\u003e \u003cli\u003eIntel Converged Security Management Engine (CSME) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Active Management Technology (AMT) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Standard Manageability software sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilote RDMA des Contr\u00f4leurs Ethernet Intel pour linux versions ant\u00e9rieures \u00e0 1.9.30\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11\u00e8me \u00e0 13\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 19.5.2.1049.5\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10\u00e8me et 11\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 18.7.6.1010.3\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8\u00e8me et 9\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 17.11.3.1010.2\u003c/li\u003e \u003cli\u003eInterface utilisateur Intel RST et pilotes versions ant\u00e9rieures \u00e0 16.8.5.1014.5\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Pro pour Linux before versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Standard pour Linux versions ant\u00e9rieures \u00e0 22.1STD\u003c/li\u003e \u003cli\u003eCartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et d\u00e9cembre 2022\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core de 7\u00e8me \u00e0 11\u00e8me g\u00e9n\u00e9rations, Celeron, Pentium et Core s\u00e9ries X sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel d\u0027ex\u00e9cution Intel oneVPL GPU versions ant\u00e9rieures \u00e0 22.6.5\u003c/li\u003e \u003cli\u003eClient Intel Unite pour Mac versions ant\u00e9rieures \u00e0 4.2.11\u003c/li\u003e \u003cli\u003eEnsemble de logiciels Intel Unite pour Windows versions ant\u00e9rieures \u00e0 4.2.34962\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilotes infrarouge ITE Tech consumer pour terminaux NUC versions ant\u00e9rieures \u00e0 5.5.2.1\u003c/li\u003e \u003cli\u003eSystem Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.\u003c/li\u003e \u003cli\u003eUtilitaire de mise \u00e0 jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems bas\u00e9 sur les jeux de puces 621A\u003c/li\u003e \u003cli\u003eS\u00e9ries de contr\u00f4leurs Ethernet et adaptateurs E810 (Columbiaville) versions ant\u00e9rieures \u00e0 1.7.2.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Optimization for TensorFlow versions ant\u00e9rieures \u00e0 2.12\u003c/li\u003e \u003cli\u003eDistribution Intel des outils OpenVINO versions ant\u00e9rieures \u00e0 2022.3.0\u003c/li\u003e \u003cli\u003eOutils Intel VCUST t\u00e9l\u00e9charg\u00e9s avant le 03 f\u00e9vrier 2023 sans le correctif de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003elogiciel Intel VROC versions ant\u00e9rieures \u00e0 8.0.0.4035\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation d\u0027Intel Advanced Link Analyzer Standard Edition versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation Intel ISPC software pour Windows versions ant\u00e9rieures \u00e0 1.19.0\u003c/li\u003e \u003cli\u003eLogiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Easy Streaming Wizard toutes versions [1]\u003c/li\u003e \u003cli\u003eApplication Android Intel Support versions ant\u00e9rieures \u00e0 v23.02.07\u003c/li\u003e \u003cli\u003eSuite logicielle Intel NUC Pro pour Windows versions ant\u00e9rieures \u00e0 2.0.0.9\u003c/li\u003e \u003cli\u003eLogiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions ant\u00e9rieures \u00e0 22.220 HF\u003c/li\u003e \u003cli\u003eLogiciel Intel oneMKL versions ant\u00e9rieures \u00e0 2022.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DTT versions ant\u00e9rieures \u00e0 8.7.10801.25109\u003c/li\u003e \u003cli\u003eLogiciel Intel AI Hackathon versions ant\u00e9rieures \u00e0 2.0.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DSA versions ant\u00e9rieures \u00e0 23.1.9\u003c/li\u003e \u003cli\u003eBiblioth\u00e8que Hyperscan maintenue par Intel versions ant\u00e9rieures \u00e0 5.4.1\u003c/li\u003e \u003cli\u003eOutils Intel oneAPI versions ant\u00e9rieures \u00e0 2023.1.0\u003c/li\u003e \u003cli\u003eBIOS de cartes m\u00e8res de terminaux NUC sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel Intel Manageability Commander versions ant\u00e9rieures \u00e0 2.3\u003c/li\u003e \u003cli\u003eLogiciel Intel Unison versions ant\u00e9rieures \u00e0 10.12\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Microsoft versions ant\u00e9rieures \u00e0 3.0\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Linux versions ant\u00e9rieures \u00e0 1.13.4\u003c/li\u003e \u003cli\u003eLogiciel Intel SDP Tool versions ant\u00e9rieures \u00e0 1.4 build 5\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel PSR versions ant\u00e9rieures \u00e0 1.0.0.20\u003c/li\u003e \u003cli\u003eLogiciel Intel RealSense ID pour Intel RealSense 450 FA versions ant\u00e9rieures \u00e0 0.25\u003c/li\u003e \u003cli\u003eApplication Android Intel Unite versions ant\u00e9rieures \u00e0 4.2.3504\u003c/li\u003e \u003cli\u003eLogiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]\u003c/li\u003e \u003cli\u003eLogiciel Intel ITS versions ant\u00e9rieures \u00e0 3.1\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel RealSense versions ant\u00e9rieures \u00e0 2.53.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e[1] :\u00a0L\u0027\u00e9diteur indique que le logiciel Intel Easy Streaming Wizard n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e \u003cp\u003e[2] :\u00a0L\u0027\u00e9diteur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-32617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32617"
    },
    {
      "name": "CVE-2023-27509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27509"
    },
    {
      "name": "CVE-2023-31246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31246"
    },
    {
      "name": "CVE-2023-23577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23577"
    },
    {
      "name": "CVE-2022-44611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44611"
    },
    {
      "name": "CVE-2023-28736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28736"
    },
    {
      "name": "CVE-2023-29243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29243"
    },
    {
      "name": "CVE-2023-34086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34086"
    },
    {
      "name": "CVE-2023-27392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27392"
    },
    {
      "name": "CVE-2023-24016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24016"
    },
    {
      "name": "CVE-2022-27635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27635"
    },
    {
      "name": "CVE-2023-28823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28823"
    },
    {
      "name": "CVE-2023-22356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22356"
    },
    {
      "name": "CVE-2023-27506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27506"
    },
    {
      "name": "CVE-2023-32547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32547"
    },
    {
      "name": "CVE-2022-36372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36372"
    },
    {
      "name": "CVE-2023-25773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25773"
    },
    {
      "name": "CVE-2023-28658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28658"
    },
    {
      "name": "CVE-2022-37343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37343"
    },
    {
      "name": "CVE-2022-36392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36392"
    },
    {
      "name": "CVE-2023-27515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27515"
    },
    {
      "name": "CVE-2022-38076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38076"
    },
    {
      "name": "CVE-2023-27391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27391"
    },
    {
      "name": "CVE-2022-37336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37336"
    },
    {
      "name": "CVE-2023-28385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28385"
    },
    {
      "name": "CVE-2023-25944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25944"
    },
    {
      "name": "CVE-2023-29500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29500"
    },
    {
      "name": "CVE-2023-22841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22841"
    },
    {
      "name": "CVE-2022-38102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38102"
    },
    {
      "name": "CVE-2023-22444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22444"
    },
    {
      "name": "CVE-2023-32609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32609"
    },
    {
      "name": "CVE-2023-28938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28938"
    },
    {
      "name": "CVE-2023-28711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28711"
    },
    {
      "name": "CVE-2023-28714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28714"
    },
    {
      "name": "CVE-2023-22276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22276"
    },
    {
      "name": "CVE-2023-33867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33867"
    },
    {
      "name": "CVE-2022-29871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29871"
    },
    {
      "name": "CVE-2022-40982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
    },
    {
      "name": "CVE-2022-29887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29887"
    },
    {
      "name": "CVE-2023-32656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32656"
    },
    {
      "name": "CVE-2023-22449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22449"
    },
    {
      "name": "CVE-2023-25757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25757"
    },
    {
      "name": "CVE-2023-25182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25182"
    },
    {
      "name": "CVE-2022-29470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29470"
    },
    {
      "name": "CVE-2023-29494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29494"
    },
    {
      "name": "CVE-2023-28380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28380"
    },
    {
      "name": "CVE-2022-41984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41984"
    },
    {
      "name": "CVE-2023-22840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22840"
    },
    {
      "name": "CVE-2022-40964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40964"
    },
    {
      "name": "CVE-2023-34355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34355"
    },
    {
      "name": "CVE-2022-38973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38973"
    },
    {
      "name": "CVE-2022-34657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34657"
    },
    {
      "name": "CVE-2023-29151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29151"
    },
    {
      "name": "CVE-2022-43505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43505"
    },
    {
      "name": "CVE-2022-36351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36351"
    },
    {
      "name": "CVE-2023-34438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34438"
    },
    {
      "name": "CVE-2023-28405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28405"
    },
    {
      "name": "CVE-2023-34427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34427"
    },
    {
      "name": "CVE-2023-32663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32663"
    },
    {
      "name": "CVE-2022-41804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41804"
    },
    {
      "name": "CVE-2022-45112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45112"
    },
    {
      "name": "CVE-2023-27505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27505"
    },
    {
      "name": "CVE-2023-33877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33877"
    },
    {
      "name": "CVE-2023-22330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22330"
    },
    {
      "name": "CVE-2023-27887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27887"
    },
    {
      "name": "CVE-2022-43456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43456"
    },
    {
      "name": "CVE-2023-32285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32285"
    },
    {
      "name": "CVE-2022-46329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46329"
    },
    {
      "name": "CVE-2023-32543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32543"
    },
    {
      "name": "CVE-2023-34349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34349"
    },
    {
      "name": "CVE-2023-22338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22338"
    },
    {
      "name": "CVE-2023-26587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26587"
    },
    {
      "name": "CVE-2023-30760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30760"
    },
    {
      "name": "CVE-2022-44612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44612"
    },
    {
      "name": "CVE-2023-25775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25775"
    },
    {
      "name": "CVE-2022-27879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27879"
    },
    {
      "name": "CVE-2022-25864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25864"
    },
    {
      "name": "CVE-2023-23908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23908"
    },
    {
      "name": "CVE-2022-38083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38083"
    }
  ],
  "initial_release_date": "2023-08-09T00:00:00",
  "last_revision_date": "2023-08-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0640",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00846 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00846.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00844 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00844.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00897 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00893 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00899 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00899.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00828 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00813 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00912 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00859 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00859.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00932 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00932.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00812 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00892 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00934 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00934.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00795 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00938 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00938.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00826 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00862 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00862.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00818 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00836 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00840 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00873 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00873.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00742 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00742.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00794 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00766 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00879 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00905 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00905.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00837 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00783 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00830 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00830.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00842 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00842.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00877 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00877.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00848 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00829 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00917 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00946 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00946.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00800 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00800.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00890 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00850 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00849 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00849.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00868 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00868.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00878 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00878.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00907 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00907.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00690 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00875 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00875.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00872 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00872.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00835 du 08 ao\u00fbt 2023",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html"
    }
  ]
}

CERTFR-2024-AVI-0356

Vulnerability from certfr_avis - Published: 2024-04-30 - Updated: 2024-04-30

De multiples vulnérabilités ont été découvertes dans Tenable Nessus Network Monitor. Elles permettent à un attaquant de provoquer un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus Network Monitor	Nessus Network Monitor versions antérieures à 6.4.0

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2024-07 du 30 avril 2024

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus Network Monitor versions ant\u00e9rieures \u00e0 6.4.0",
      "product": {
        "name": "Nessus Network Monitor",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2023-46219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
    },
    {
      "name": "CVE-2023-28711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28711"
    }
  ],
  "initial_release_date": "2024-04-30T00:00:00",
  "last_revision_date": "2024-04-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0356",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nNetwork Monitor. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice et un contournement de la politique de s\u00e9curit\u00e9.\n\n\u00a0\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Network Monitor",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2024-07 du 30 avril 2024",
      "url": "https://www.tenable.com/security/tns-2024-07"
    }
  ]
}

GSD-2023-28711

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.

Aliases

CVE-2023-28711

Aliases

CVE-2023-28711

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-28711",
    "id": "GSD-2023-28711"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-28711"
      ],
      "details": "Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.",
      "id": "GSD-2023-28711",
      "modified": "2023-12-13T01:20:49.295677Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "ID": "CVE-2023-28711",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Hyperscan Library maintained by Intel(R)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "before version 5.4.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "denial of service"
              },
              {
                "cweId": "CWE-691",
                "lang": "eng",
                "value": "Insufficient control flow management"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html",
            "refsource": "MISC",
            "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:hyperscan_library:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.4.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2023-28711"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-670"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-08-18T15:15Z",
      "publishedDate": "2023-08-11T03:15Z"
    }
  }
}

WID-SEC-W-2024-0992

Vulnerability from csaf_certbund - Published: 2024-04-29 22:00 - Updated: 2024-05-22 22:00

Summary

Tenable Security Nessus Network Monitor: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Tenable Nessus Network Monitor ist ein Netzwerküberwachungstool zur Inventarisierung und Überwachung von Netzwerkgeräten und den genutzten Protokollen.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, Dateien zu manipulieren oder Sicherheitsmaßnahmen zu umgehen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Tenable Nessus Network Monitor ist ein Netzwerk\u00fcberwachungstool zur Inventarisierung und \u00dcberwachung von Netzwerkger\u00e4ten und den genutzten Protokollen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, Dateien zu manipulieren oder Sicherheitsma\u00dfnahmen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0992 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0992.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0992 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0992"
      },
      {
        "category": "external",
        "summary": "Nessus Security Advisories vom 2024-04-29",
        "url": "https://de.tenable.com/security/tns-2024-07"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-2780 vom 2024-05-10",
        "url": "https://linux.oracle.com/errata/ELSA-2024-2780.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-2779 vom 2024-05-15",
        "url": "https://linux.oracle.com/errata/ELSA-2024-2779.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2853 vom 2024-05-15",
        "url": "https://access.redhat.com/errata/RHSA-2024:2853"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-2910 vom 2024-05-23",
        "url": "https://linux.oracle.com/errata/ELSA-2024-2910.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Tenable Security Nessus Network Monitor: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-22T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:08:17.980+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0992",
      "initial_release_date": "2024-04-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-05-12T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-05-14T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-05-15T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-22T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.4.0",
                "product": {
                  "name": "Tenable Security Nessus Network Monitor \u003c6.4.0",
                  "product_id": "T034461"
                }
              }
            ],
            "category": "product_name",
            "name": "Nessus Network Monitor"
          }
        ],
        "category": "vendor",
        "name": "Tenable Security"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-28711",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Tenable Security Nessus Network Monitor. Diese Fehler bestehen in den Drittanbieter-Komponenten Hyperscan Library und c-ares aufgrund eines unzureichenden Kontrollfluss-Managements und eines NULL-Zeiger-Dereferenz-Problems. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914"
        ]
      },
      "release_date": "2024-04-29T22:00:00.000+00:00",
      "title": "CVE-2023-28711"
    },
    {
      "cve": "CVE-2024-25629",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Tenable Security Nessus Network Monitor. Diese Fehler bestehen in den Drittanbieter-Komponenten Hyperscan Library und c-ares aufgrund eines unzureichenden Kontrollfluss-Managements und eines NULL-Zeiger-Dereferenz-Problems. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914"
        ]
      },
      "release_date": "2024-04-29T22:00:00.000+00:00",
      "title": "CVE-2024-25629"
    },
    {
      "cve": "CVE-2023-46218",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Tenable Security Nessus Network Monitor. Diese Fehler bestehen in der \"Curl\"-Komponente aufgrund einer unsachgem\u00e4\u00dfen Cookie-Behandlung und einer unsachgem\u00e4\u00dfen Neutralisierung von Eingaben. Dies erm\u00f6glicht es einer Website, Cookies zu setzen und sie an verschiedene und nicht verwandte Websites und Dom\u00e4nen zu senden oder beliebige Dateiinhalte zu l\u00f6schen, wenn HSTS-Daten gespeichert werden. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder um Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914"
        ]
      },
      "release_date": "2024-04-29T22:00:00.000+00:00",
      "title": "CVE-2023-46218"
    },
    {
      "cve": "CVE-2023-46219",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Tenable Security Nessus Network Monitor. Diese Fehler bestehen in der \"Curl\"-Komponente aufgrund einer unsachgem\u00e4\u00dfen Cookie-Behandlung und einer unsachgem\u00e4\u00dfen Neutralisierung von Eingaben. Dies erm\u00f6glicht es einer Website, Cookies zu setzen und sie an verschiedene und nicht verwandte Websites und Dom\u00e4nen zu senden oder beliebige Dateiinhalte zu l\u00f6schen, wenn HSTS-Daten gespeichert werden. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen oder um Dateien zu manipulieren."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914"
        ]
      },
      "release_date": "2024-04-29T22:00:00.000+00:00",
      "title": "CVE-2023-46219"
    }
  ]
}

FKIE_CVE-2023-28711

Vulnerability from fkie_nvd - Published: 2023-08-11 03:15 - Updated: 2024-11-21 07:55

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.

References

	URL	Tags
	secure@intel.com	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	intel	hyperscan_library	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:hyperscan_library:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7DE8624-1CD2-47D5-8C9C-B7210DECA489",
              "versionEndExcluding": "5.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access."
    }
  ],
  "id": "CVE-2023-28711",
  "lastModified": "2024-11-21T07:55:51.330",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "secure@intel.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-11T03:15:25.803",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-691"
        }
      ],
      "source": "secure@intel.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-670"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-28711 (GCVE-0-2023-28711)

GHSA-95CH-MQCF-W529

CERTFR-2023-AVI-0640

Solution

CERTFR-2024-AVI-0356

Solution

GSD-2023-28711

WID-SEC-W-2024-0992

FKIE_CVE-2023-28711

Tags

Sightings

Nomenclature