Lucene search

K
cveIntelCVE-2023-32666
HistoryMar 14, 2024 - 5:15 p.m.

CVE-2023-32666

2024-03-1417:15:51
CWE-1191
intel
web.nvd.nist.gov
38
cve-2023-32666
intel
xeon
sgx
tdx
access control
privilege escalation
nvd

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

EPSS

0

Percentile

9.0%

On-chip debug and test interface with improper access control in some 4th Generation Intel® Xeon® Processors when using Intel® SGX or Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access.

Affected configurations

Vulnrichment
Node
intelxeon_e-2124g_firmware
VendorProductVersionCPE
intelxeon_e-2124g_firmware*cpe:2.3:o:intel:xeon_e-2124g_firmware:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX",
    "versions": [
      {
        "version": "some 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

CVSS3

7.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

EPSS

0

Percentile

9.0%

Related for CVE-2023-32666