Vulnerability identifier: #VU96076
Vulnerability risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Converged Security and Management Engine (CSME) (Hardware solutions / Firmware)
Intel C420 Chipset (Hardware solutions / Firmware)
Intel X299 Chipset (Hardware solutions / Firmware)
Intel C230 series chipset (Hardware solutions / Firmware)
2nd Gen Intel Xeon Scalable processor (Hardware solutions / Firmware)
Intel Xeon W processor 3200 series (Hardware solutions / Firmware)
1st Gen Intel Xeon Scalable processor (Hardware solutions / Firmware)
Intel Xeon W processor 3100 series (Hardware solutions / Firmware)
8th Gen Intel Core processor (Hardware solutions / Firmware)
Intel 200 Series Chipset (Hardware solutions / Firmware)
Intel 100 Series Chipset (Hardware solutions / Firmware)
Intel 300 Series Chipset (Hardware solutions / Firmware)
Intel C240 Series Chipset (Hardware solutions / Firmware)
Pentium Gold processor series (G54XXU) (Hardware solutions / Firmware)
Celeron processor 4000 series (Hardware solutions / Firmware)
Intel 400 Series Chipset (Hardware solutions / Firmware)
Intel 500 series chipset (Hardware solutions / Firmware)
Intel C250 Series Chipset (Hardware solutions / Firmware)
Intel Atom x6000E series (Hardware solutions / Firmware)
Intel 600 Series Chipset (Hardware solutions / Firmware)
Intel Celeron Processor N Series (Hardware solutions / Firmware)
Intel Celeron Processor J Series (Hardware solutions / Firmware)
Intel Pentium Processor N Series (Hardware solutions / Other hardware appliances)
Intel Pentium Processor J Series (Hardware solutions / Other hardware appliances)
Vendor: Intel
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in firmware. A local administrator can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Converged Security and Management Engine (CSME): All versions
Intel C420 Chipset: before 11.12.95
Intel X299 Chipset: before 11.12.95
Intel C230 series chipset: before 11.12.95
2nd Gen Intel Xeon Scalable processor: before 11.22.95
Intel Xeon W processor 3200 series: before 11.22.95
1st Gen Intel Xeon Scalable processor: before 11.22.95
Intel Xeon W processor 3100 series: before 11.22.95
8th Gen Intel Core processor: before 11.8.95
Intel 200 Series Chipset: before 11.8.95
Intel 100 Series Chipset: before 11.8.95
Intel 300 Series Chipset: before 12.0.94
Intel C240 Series Chipset: before 12.0.94
Pentium Gold processor series (G54XXU): before 12.0.94
Celeron processor 4000 series: before 12.0.94
Intel 400 Series Chipset: before 14.1.72
Intel 500 series chipset: before 15.0.47
Intel C250 Series Chipset: before 15.0.47
Intel Atom x6000E series: before 15.40.32
Intel 600 Series Chipset: before 16.1.30
Intel Pentium Processor N Series: before 15.40.32
Intel Pentium Processor J Series: before 15.40.32
Intel Celeron Processor N Series: before 15.40.32
Intel Celeron Processor J Series: before 15.40.32
External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.