CVE-2023-28383 - OpenCVE

Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: intel

Published: 2024-05-16T20:47:48.811Z

Updated: 2024-06-04T17:28:53.267Z

Reserved: 2023-05-06T03:00:04.372Z

Link: CVE-2023-28383

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-16T21:15:51.563

Modified: 2024-05-17T18:36:31.297

Link: CVE-2023-28383

JSON object: View

Redhat Information

No data.

CWE

CWE-92

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28383", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2023-05-06T03:00:04.372Z", "datePublished": "2024-05-16T20:47:48.811Z", "dateUpdated": "2024-06-04T17:28:53.267Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-05-16T20:47:48.811Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Improper conditions check", "cweId": "CWE-92", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) BIOS PPAM firmware", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00814.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28383", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T15:04:57.284586Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:intel:tiger_lake:-:*:*:*:*:*:*:*"], "vendor": "intel", "product": "tiger_lake", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:intel:alder_lake:-:*:*:*:*:*:*:*"], "vendor": "intel", "product": "alder_lake", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:intel:comet_lake:-:*:*:*:client:*:*:*"], "vendor": "intel", "product": "comet_lake", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:intel:rocket_lake:-:*:*:*:*:*:*:*"], "vendor": "intel", "product": "rocket_lake", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:28:53.267Z"}}]}}