Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00708
HistoryNov 08, 2022 - 12:00 a.m.

Intel® Server Boards and Server Systems Advisory

2022-11-0800:00:00
Intel Security Center
www.intel.com
86
intel server boards
server systems
firmware updates
cve-2022-30542
cve-2021-0185
cve-2022-25917
local access
privilege escalation
denial of service

0.0004 Low

EPSS

Percentile

12.6%

JSON

Summary:

Potential security vulnerabilities in some Intel® Server Boards and Server Systems may allow escalation of privilege or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities

Vulnerability Details:

CVEID: CVE-2022-30542

Description: Improper input validation in the firmware for some Intel® Server Board S2600WF, Intel® Server System R1000WF and Intel® Server System R2000WF families before version R02.01.0014 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2021-0185

Description: Improper input validation in the firmware for some Intel® Server Board M10JNP Family before version 7.216 may allow a privileged user to potentially enable an escalation of privilege via local access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2022-25917

Description: Uncaught exception in the firmware for some Intel® Server Board M50CYP Family before version R01.01.0005 may allow a privileged user to potentially enable a denial of service via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H****

Affected Products:

  • Intel® Server Board S2600WF Family.
  • Intel® Server Board M50CYP Family.
  • Intel® Server Board M10JNP Family.
  • Intel® Server System R1000WF Family.
  • Intel® Server System R2000WF Family.

Recommendations:

Intel recommends updating the firmware for the affected Intel® Server Boards and Server Systems to the latest version:

Intel® Server System R1000WF, R200WF and Intel® Server Board S2600WF Family updates are available here.

Intel® Server Board M50CYP Family updates are available here.

Intel® Server Board M10JNP Family updates are available here.

Acknowledgements:

The following issues were found internally by Intel employees; CVE-2022-30542 and CVE-2022-25917. Intel would like to thank Jorge E. Gonzalez Diaz.

Intel would like to thank Dmitry Frolov (CVE-2021-0185) for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

cvelist 3
cve 3
prion 3
nvd 3
cvelist
cvelist
CVE-2022-25917
2022-11-11 15:49:09
CVE-2022-30542
2022-11-11 15:48:55
CVE-2021-0185
2022-11-10 22:00:30
cve
cve
CVE-2022-25917
2022-11-11 16:15:11
CVE-2022-30542
2022-11-11 16:15:14
CVE-2021-0185
2022-11-10 23:15:09
prion
prion
Design/Logic Flaw
2022-11-11 16:15:00
Input validation
2022-11-11 16:15:00
Input validation
2022-11-10 23:15:00
nvd
nvd
CVE-2022-25917
2022-11-11 16:15:11
CVE-2022-30542
2022-11-11 16:15:14
CVE-2021-0185
2022-11-10 23:15:09

0.0004 Low

EPSS

Percentile

12.6%

JSON
Related for INTEL:INTEL-SA-00708
cvelist3cve3prion3nvd3