Severity
High
Analysis Summary
CVE-2022-41689 CVSS: 7.3
Intel In-Band Manageability could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper access control. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2023-33872 CVSS: 5.5
Intel Support Android application could allow a local authenticated attacker to obtain sensitive information, caused by improper access control. An attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVE-2023-22327 CVSS: 6.0
Intel Field Programmable Gate Array (FPGA) products could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds write. An attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVE-2023-32638 CVSS: 6.7
Intel Arc RGB Controller software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. An attacker could exploit this vulnerability to escalate privileges.
CVE-2023-39230 CVSS: 6.7
Intel Rapid Storage Technology software could allow a remote authenticated attacker to gain elevated privileges on the system, caused by insecure inherited permissions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-31273 CVSS: 10.0
Intel Data Center Manager software could allow a remote attacker to gain elevated privileges on the system, caused by a protection mechanism failure. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-41689
- CVE-2023-33872
- CVE-2023-22327
- CVE-2023-32638
- CVE-2023-39230
- CVE-2023-31273
Affected Vendors
Intel
Affected Products
- Intel In-Band Manageability 2.12.0
- Intel In-Band Manageability 3.0.13
- Intel Support Android application
- Intel Agilex 7 FPGA and SoC FPGA product families
- Intel Arc RGB Controller software 1.06
- Intel Stratix 10 FPGA and SoC FPGA product families
- Intel Rapid Storage Technology software
- Intel Data Center Manager software
Remediation
Refer to the Intel Security Advisory for patch, upgrade, or suggested workaround information.