Risk | Low |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2023-40067 CVE-2023-35061 CVE-2023-48361 CVE-2024-21844 CVE-2023-34424 CVE-2023-38655 |
CWE-ID | CWE-252 CWE-665 CWE-190 CWE-20 CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Converged Security and Management Engine (CSME) | Hardware solutions / Firmware
Intel Killer Wi-Fi | Hardware solutions / Firmware
Intel X299 Chipset | Hardware solutions / Firmware
Intel C420 Chipset | Hardware solutions / Firmware
Intel C230 series chipset | Hardware solutions / Firmware
2nd Gen Intel Xeon Scalable processor | Hardware solutions / Firmware
Intel Xeon W processor 3200 series | Hardware solutions / Firmware
1st Gen Intel Xeon Scalable processor | Hardware solutions / Firmware
Intel Xeon W processor 3100 series | Hardware solutions / Firmware
8th Gen Intel Core processor | Hardware solutions / Firmware
Intel 200 Series Chipset | Hardware solutions / Firmware
Intel 100 Series Chipset | Hardware solutions / Firmware
Intel 300 Series Chipset | Hardware solutions / Firmware
Intel C240 Series Chipset | Hardware solutions / Firmware
Pentium Gold processor series (G54XXU) | Hardware solutions / Firmware
Celeron processor 4000 series | Hardware solutions / Firmware
Intel 400 Series Chipset | Hardware solutions / Firmware
Intel 500 series chipset | Hardware solutions / Firmware
Intel C250 Series Chipset | Hardware solutions / Firmware
Intel Atom x6000E series | Hardware solutions / Firmware
Intel 600 Series Chipset | Hardware solutions / Firmware
Intel Celeron Processor N Series | Hardware solutions / Firmware
Intel Celeron Processor J Series | Hardware solutions / Firmware
Intel Pentium Processor Silver Series | Hardware solutions / Firmware
Intel PROSet/Wireless WiFi Software for Windows | Hardware solutions / Drivers
Intel Pentium Processor N Series | Hardware solutions / Other hardware appliances
Intel Pentium Processor J Series | Hardware solutions / Other hardware appliances
Vendor | Intel |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU96072
Risk: Low
CVSSv4.0: 0.7 [CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-40067
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
Description
The vulnerability allows an attacker with physical access to escalate privileges on the system.
The vulnerability exists due to an unchecked return value in firmware, which leads to a bypass of security restrictions and privilege escalation.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Converged Security and Management Engine (CSME): All versions
External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96075
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-35061
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to improper initialization. A remote attacker on the local network can enable information disclosure.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Intel PROSet/Wireless WiFi Software for Windows: All versions
Intel Killer Wi-Fi: before 22.240
External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96073
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-48361
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information on the system.
The vulnerability exists due to improper initialization in firmware. A local administrator can enable information disclosure.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Converged Security and Management Engine (CSME): All versions
External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96074
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-21844
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow in firmware. A remote attacker on the local network can pass specially crafted data to the application, trigger an integer overflow and cause a denial of service condition on the target system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Converged Security and Management Engine (CSME): All versions
Intel X299 Chipset: before 11.12.95
Intel C420 Chipset: before 11.12.95
External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96076
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-34424
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in firmware. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Converged Security and Management Engine (CSME): All versions
Intel C420 Chipset: before 11.12.95
Intel X299 Chipset: before 11.12.95
Intel C230 series chipset: before 11.12.95
2nd Gen Intel Xeon Scalable processor: before 11.22.95
Intel Xeon W processor 3200 series: before 11.22.95
1st Gen Intel Xeon Scalable processor: before 11.22.95
Intel Xeon W processor 3100 series: before 11.22.95
8th Gen Intel Core processor: before 11.8.95
Intel 200 Series Chipset: before 11.8.95
Intel 100 Series Chipset: before 11.8.95
Intel 300 Series Chipset: before 12.0.94
Intel C240 Series Chipset: before 12.0.94
Pentium Gold processor series (G54XXU): before 12.0.94
Celeron processor 4000 series: before 12.0.94
Intel 400 Series Chipset: before 14.1.72
Intel 500 series chipset: before 15.0.47
Intel C250 Series Chipset: before 15.0.47
Intel Atom x6000E series: before 15.40.32
Intel 600 Series Chipset: before 16.1.30
Intel Pentium Processor N Series: before 15.40.32
Intel Pentium Processor J Series: before 15.40.32
Intel Celeron Processor N Series: before 15.40.32
Intel Celeron Processor J Series: before 15.40.32
External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96077
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-38655
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in firmware. A local administrator can trigger memory corruption and cause a denial of service condition on the target system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Intel C420 Chipset: before 11.12.95
Intel X299 Chipset: before 11.12.95
Intel C230 series chipset: before 11.12.95
2nd Gen Intel Xeon Scalable processor: before 11.22.95
Intel Xeon W processor 3200 series: before 11.22.95
1st Gen Intel Xeon Scalable processor: before 11.22.95
Intel Xeon W processor 3100 series: before 11.22.95
8th Gen Intel Core processor: before 11.8.95
Intel 200 Series Chipset: before 11.8.95
Intel 100 Series Chipset: before 11.8.95
Intel 300 Series Chipset: before 12.0.94
Intel C240 Series Chipset: before 12.0.94
Pentium Gold processor series (G54XXU): before 12.0.94
Celeron processor 4000 series: before 12.0.94
Intel 400 Series Chipset: before 14.1.72
Intel 500 series chipset: before 15.0.47
Intel C250 Series Chipset: before 15.0.47
Intel Atom x6000E series: before 15.40.32
Intel 600 Series Chipset: before 16.1.30
Intel Pentium Processor N Series: before 15.40.32
Intel Pentium Processor J Series: before 15.40.32
Intel Celeron Processor N Series: before 15.40.32
Intel Celeron Processor J Series: before 15.40.32
Intel Pentium Processor Silver Series: before 13.50.27
External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.