March 14, 2024
Severity
Medium
Analysis Summary
CVE-2023-43490 CVSS:5.3
Intel Xeon D processors with Intel SGX could allow a local authenticated attacker to obtain sensitive information, caused by an incorrect calculation in the microcode keying mechanism. An attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVE-2023-38575 CVSS:5.5
Intel processors could allow a local authenticated attacker to obtain sensitive information, caused by non-transparent sharing of return predictor targets between contexts. An attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVE-2023-39368 CVSS:6.5
Multiple Intel Processors are vulnerable to a denial of service, caused by a protection mechanism failure in the bus lock regulator. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-28389 CVSS:6.7
Intel CSME installer software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect default permissions flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-28746 CVSS:6.5
Intel Atom Processors could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in microarchitectural state after transient execution from some register files. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-32633 CVSS:6.7
Intel CSME installer software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-22655 CVSS:6.1
Multiple Intel Xeon Processors could allow a local authenticated attacker to gain elevated privileges on the system, caused by a protection mechanism failure. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2023-27502 CVSS:3.3
Intel Local Manageability Service software could allow a local authenticated attacker to obtain sensitive information, caused by the insertion of sensitive information into a log file. By gaining access to the log file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-35191 CVSS:4.9
Intel SPS firmware is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-32282 CVSS:7.2
Multiple Intel Processors could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the BIOS firmware. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Information Disclosure
- Denial of Service
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-43490
- CVE-2023-38575
- CVE-2023-39368
- CVE-2023-28389
- CVE-2023-28746
- CVE-2023-32633
- CVE-2023-22655
- CVE-2023-27502
- CVE-2023-35191
- CVE-2023-32282
Affected Vendors
Intel
Affected Products
- Intel 10th Generation Intel Core Processor Family
- Intel Server Platform Services SPS_E5_04
- Intel CSME
- Intel Xeon D processors with Intel SGX
- Intel processors
- Intel Atom Processors
- Intel 3rd Gen Intel Xeon Scalable Processor Family
- Intel Xeon D Processor
- Intel 4th Generation Intel Xeon Platinum Processors
- Intel 4th Generation Intel Xeon Gold Processors
- Intel Xeon CPU Max Series Processors
- Intel 4th Gen Intel Xeon Scalable Processors with Intel vRAN
- Intel Local Manageability Service
- Intel Server Platform Services SPS_E5_06
- Intel 11th Generation Intel Core Processor Family
- Intel 12th Generation Intel Core Processor Family
- Intel Pentium Gold Processor Family
- Intel Celeron Processor Family
Remediation
Refer to the Intel Security Advisory for patch, upgrade, or suggested workaround information.