September 9, 2024
Severity
Medium
Analysis Summary
CVE-2024-25939 CVSS:6
Intel 3rd Generation Xeon Scalable Processor is vulnerable to a denial of service, caused by an issue with mirrored regions with different values. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-38655 CVSS:6.8
Intel Active Management Technology (AMT) and Standard Manageability are vulnerable to a denial of service, caused by improper buffer restrictions in the firmware. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2023-48361 CVSS:2.3
Intel Converged Security and Manageability Engine (CSME) could allow a local authenticated attacker to obtain sensitive information, caused by improper initialization in the firmware. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-25939
- CVE-2023-38655
- CVE-2023-48361
Affected Vendors
Affected Products
- Intel Standard Manageability
- Intel 3rd Generation Xeon Scalable Processors
- Intel Active Management Technology (AMT)
- Intel Converged Security and Manageability Engine (CSME)
Remediation
Refer to the Intel Security Advisory for patch, upgrade, or suggested workaround information.