Lucene search

K
cvelistIntelCVELIST:CVE-2023-25175
HistoryMay 10, 2023 - 1:17 p.m.

CVE-2023-25175

2023-05-1013:17:06
CWE-20
intel
www.cve.org
5
cve-2023-25175
input validation
intel server board
bmc firmware
information disclosure
local access

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L

AI Score

6

Confidence

High

EPSS

0

Percentile

9.0%

Improper input validation in some Intel® Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) Server Board BMC firmware",
    "versions": [
      {
        "version": "before version 2.90",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

CVSS3

6.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L

AI Score

6

Confidence

High

EPSS

0

Percentile

9.0%

Related for CVELIST:CVE-2023-25175