Lucene search

[email protected]NVD:CVE-2023-23696

HistoryFeb 07, 2023 - 10:15 a.m.

CVE-2023-23696

2023-02-0710:15:52

CWE-863

CWE-285

[email protected]

web.nvd.nist.gov

dell command intel vpro out of band

improper authorization

arbitrary files

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

13.2%

JSON

Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system.

Affected configurations

Nvd

Node

dellcommand_\|_intel_vpro_out_of_bandRange<4.4.0

VendorProductVersionCPE
dellcommand_\|_intel_vpro_out_of_band*cpe:2.3:a:dell:command_\|_intel_vpro_out_of_band:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	command_\\|_intel_vpro_out_of_band	*	cpe:2.3:a:dell:command_\\|_intel_vpro_out_of_band::::::::

References

www.dell.com/support/kbdoc/en-us/000208331/dsa-2023-029-dell-command-intel-vpro-out-of-band-security-update-for-an-improper-authorization-vulnerability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

13.2%

JSON

Related for NVD:CVE-2023-23696

cvelist1 prion1 cve1