CVE-2023-34431 - Vulnerability Details

Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00057.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel Subscribe	Compute Module Hns2600bpb Subscribe Compute Module Hns2600bpb24 Subscribe Compute Module Hns2600bpb24 Firmware Subscribe Compute Module Hns2600bpb Firmware Subscribe Compute Module Hns2600bpblc Subscribe Compute Module Hns2600bpblc24 Subscribe Compute Module Hns2600bpblc24 Firmware Subscribe Compute Module Hns2600bpblc24r Subscribe Compute Module Hns2600bpblc24r Firmware Subscribe Compute Module Hns2600bpblc Firmware Subscribe Compute Module Hns2600bpblcr Subscribe Compute Module Hns2600bpblcr Firmware Subscribe Compute Module Hns2600bpbr Subscribe Compute Module Hns2600bpbr Firmware Subscribe Compute Module Hns2600bpq Subscribe Compute Module Hns2600bpq24 Subscribe Compute Module Hns2600bpq24 Firmware Subscribe Compute Module Hns2600bpq24r Subscribe Compute Module Hns2600bpq24r Firmware Subscribe Compute Module Hns2600bpq Firmware Subscribe Compute Module Hns2600bpqr Subscribe Compute Module Hns2600bpqr Firmware Subscribe Compute Module Hns2600bps Subscribe Compute Module Hns2600bps24 Subscribe Compute Module Hns2600bps24 Firmware Subscribe Compute Module Hns2600bps24r Subscribe Compute Module Hns2600bps24r Firmware Subscribe Compute Module Hns2600bps Firmware Subscribe Compute Module Hns2600bpsr Subscribe Compute Module Hns2600bpsr Firmware Subscribe Compute Module Liquid-cooled Hns2600bpbrct Subscribe Compute Module Liquid-cooled Hns2600bpbrct Firmware Subscribe Server Board M10jnp2sb Subscribe Server Board M10jnp2sb Firmware Subscribe Server Board M20ntp2sb Subscribe Server Board M20ntp2sb Firmware Subscribe Server Board M70klp2sb Subscribe Server Board M70klp2sb Firmware Subscribe Server Board S2600bpb Subscribe Server Board S2600bpb Firmware Subscribe Server Board S2600bpbr Subscribe Server Board S2600bpbr Firmware Subscribe Server Board S2600bpq Subscribe Server Board S2600bpq Firmware Subscribe Server Board S2600bpqr Subscribe Server Board S2600bpqr Firmware Subscribe Server Board S2600bps Subscribe Server Board S2600bps Firmware Subscribe Server Board S2600bpsr Subscribe Server Board S2600bpsr Firmware Subscribe Server System M20ntp1ur304 Subscribe Server System M20ntp1ur304 Firmware Subscribe Server System M70klp4s2uhh Subscribe Server System M70klp4s2uhh Firmware Subscribe Server System Mcb2208wfaf5 Subscribe Server System Mcb2208wfaf5 Firmware Subscribe Server System Vrn2224bpaf6 Subscribe Server System Vrn2224bpaf6 Firmware Subscribe Server System Vrn2224bphy6 Subscribe Server System Vrn2224bphy6 Firmware Subscribe Server System Zsb2224bpaf1 Subscribe Server System Zsb2224bpaf1 Firmware Subscribe Server System Zsb2224bpaf2 Subscribe Server System Zsb2224bpaf2 Firmware Subscribe Server System Zsb2224bphy1 Subscribe Server System Zsb2224bphy1 Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:intel:server_board_m70klp2sb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_board_m70klp2sb:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:server_system_m70klp4s2uhh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_m70klp4s2uhh:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:intel:server_board_m20ntp2sb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_board_m20ntp2sb:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:intel:server_system_m20ntp1ur304_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_m20ntp1ur304:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:intel:server_board_m10jnp2sb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_board_m10jnp2sb:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:intel:server_board_s2600bpbr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_board_s2600bpbr:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:intel:server_board_s2600bps_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_board_s2600bps:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:intel:server_board_s2600bpsr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_board_s2600bpsr:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:intel:server_board_s2600bpqr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_board_s2600bpqr:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:intel:server_board_s2600bpb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_board_s2600bpb:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:intel:server_board_s2600bpq_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_board_s2600bpq:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bpblcr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpblcr:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bpblc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpblc:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bpblc24r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpblc24r:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bps_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bps:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bps24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bps24:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bpbr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpbr:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bpqr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpqr:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bpsr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpsr:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bps24r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bps24r:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bpq24r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpq24r:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bpb24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpb24:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bpb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpb:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bpblc24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpblc24:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bpq_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpq:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:intel:compute_module_hns2600bpq24_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_hns2600bpq24:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:intel:compute_module_liquid-cooled_hns2600bpbrct_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:compute_module_liquid-cooled_hns2600bpbrct:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:intel:server_system_vrn2224bpaf6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_vrn2224bpaf6:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:intel:server_system_vrn2224bphy6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_vrn2224bphy6:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:intel:server_system_mcb2208wfaf5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_mcb2208wfaf5:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:intel:server_system_zsb2224bpaf2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_zsb2224bpaf2:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:intel:server_system_zsb2224bphy1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_zsb2224bphy1:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:intel:server_system_zsb2224bpaf1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:server_system_zsb2224bpaf1:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-38508	Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00719.html

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-11-14T19:05:08.245Z

Updated: 2024-08-30T16:57:11.553Z

Reserved: 2023-06-06T03:00:05.087Z

Link: CVE-2023-34431

Vulnrichment

Updated: 2024-08-02T16:10:07.186Z

NVD

Status : Modified

Published: 2023-11-14T19:15:28.417

Modified: 2024-11-21T08:07:13.497

Link: CVE-2023-34431

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object