Lucene search

IntelCVE-2023-24587

HistoryNov 14, 2023 - 7:15 p.m.

CVE-2023-24587

2023-11-1419:15:18

CWE-691

intel

web.nvd.nist.gov

intel

optane

ssd

firmware

denial of service

nvd

cve-2023-24587

CVSS3

6.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H

AI Score

4.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Insufficient control flow management in firmware for some Intel® Optane™ SSD products may allow a privileged user to potentially enable denial of service via local access.

Affected configurations

Nvd

Node

inteloptane_memory_h20_with_solid_state_storageMatch-

AND

inteloptane_memory_h20_with_solid_state_storage_firmwareRange<u4110553-g004

Node

inteloptane_ssd_900pMatch-

AND

inteloptane_ssd_900p_firmwareRange<e2010650

Node

inteloptane_ssd_dc_p4800xMatch-

AND

inteloptane_ssd_dc_p4800x_firmwareRange<e2010650

Node

inteloptane_ssd_dc_p4801xMatch-

AND

inteloptane_ssd_dc_p4801x_firmwareRange<e2010650

Node

inteloptane_ssd_905pMatch-

AND

inteloptane_ssd_905p_firmwareRange<e2010650

VendorProductVersionCPE
inteloptane_memory_h20_with_solid_state_storage-cpe:2.3:h:intel:optane_memory_h20_with_solid_state_storage:-:*:*:*:*:*:*:*
inteloptane_memory_h20_with_solid_state_storage_firmware*cpe:2.3:o:intel:optane_memory_h20_with_solid_state_storage_firmware:*:*:*:*:*:*:*:*
inteloptane_ssd_900p-cpe:2.3:h:intel:optane_ssd_900p:-:*:*:*:*:*:*:*
inteloptane_ssd_900p_firmware*cpe:2.3:o:intel:optane_ssd_900p_firmware:*:*:*:*:*:*:*:*
inteloptane_ssd_dc_p4800x-cpe:2.3:h:intel:optane_ssd_dc_p4800x:-:*:*:*:*:*:*:*
inteloptane_ssd_dc_p4800x_firmware*cpe:2.3:o:intel:optane_ssd_dc_p4800x_firmware:*:*:*:*:*:*:*:*
inteloptane_ssd_dc_p4801x-cpe:2.3:h:intel:optane_ssd_dc_p4801x:-:*:*:*:*:*:*:*
inteloptane_ssd_dc_p4801x_firmware*cpe:2.3:o:intel:optane_ssd_dc_p4801x_firmware:*:*:*:*:*:*:*:*
inteloptane_ssd_905p-cpe:2.3:h:intel:optane_ssd_905p:-:*:*:*:*:*:*:*
inteloptane_ssd_905p_firmware*cpe:2.3:o:intel:optane_ssd_905p_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intel	optane_memory_h20_with_solid_state_storage	-	cpe:2.3:h:intel:optane_memory_h20_with_solid_state_storage:-:::::::*
intel	optane_memory_h20_with_solid_state_storage_firmware	*	cpe:2.3:o:intel:optane_memory_h20_with_solid_state_storage_firmware::::::::
intel	optane_ssd_900p	-	cpe:2.3:h:intel:optane_ssd_900p:-:::::::*
intel	optane_ssd_900p_firmware	*	cpe:2.3:o:intel:optane_ssd_900p_firmware::::::::
intel	optane_ssd_dc_p4800x	-	cpe:2.3:h:intel:optane_ssd_dc_p4800x:-:::::::*
intel	optane_ssd_dc_p4800x_firmware	*	cpe:2.3:o:intel:optane_ssd_dc_p4800x_firmware::::::::
intel	optane_ssd_dc_p4801x	-	cpe:2.3:h:intel:optane_ssd_dc_p4801x:-:::::::*
intel	optane_ssd_dc_p4801x_firmware	*	cpe:2.3:o:intel:optane_ssd_dc_p4801x_firmware::::::::
intel	optane_ssd_905p	-	cpe:2.3:h:intel:optane_ssd_905p:-:::::::*
intel	optane_ssd_905p_firmware	*	cpe:2.3:o:intel:optane_ssd_905p_firmware::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) Optane(TM) SSD products",
    "versions": [
      {
        "version": "See references",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00758.html

CVSS3

6.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H

AI Score

4.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-24587