← Back

CVE-2023-27517

nvd nist
Published: Feb 14, 2024Modified: Feb 20, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.

Affected (3)

Intel
1 product
Optane Persistent Memory Firmware
Configuration A
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Optane Persistent Memory Firmware
From 01.00.00.3072 to 01.00.00.3547
Running on/withPlatform Versions
Intel
Nma1xxd128gpsu4
All versions
Intel
Nma1xxd128gpsuf
All versions
Intel
Nma1xxd256gpsu4
All versions
Intel
Nma1xxd256gpsuf
All versions
Intel
Nma1xxd512gpsu4
All versions
Intel
Nma1xxd512gpsuf
All versions
Configuration B
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Optane Persistent Memory Firmware
From 02.00.00.3423 to 02.00.00.3915
Running on/withPlatform Versions
Intel
Nmb1xxd128gpsu4
All versions
Intel
Nmb1xxd128gpsuf
All versions
Intel
Nmb1xxd256gpsu4
All versions
Intel
Nmb1xxd256gpsuf
All versions
Intel
Nmb1xxd512gpsu4
All versions
Intel
Nmb1xxd512gpsuf
All versions
Configuration C
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Optane Persistent Memory Firmware
From 03.00.00.0302 to 03.00.00.0483
Running on/withPlatform Versions
Intel
Nmc2xxd128gpsu4
All versions
Intel
Nmc2xxd256gpsu4
All versions
Intel
Nmc2xxd512gpsu4
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: secure@intel.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.